-
Notifications
You must be signed in to change notification settings - Fork 344
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Status: Add FreeBSD Foundation security engineering report
- Loading branch information
Showing
1 changed file
with
23 additions
and
0 deletions.
There are no files selected for viewing
23 changes: 23 additions & 0 deletions
23
website/content/en/status/report-2024-10-2024-12/foundation-security.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| === Security engineering at the FreeBSD Foundation | ||
|
|
||
| Links: + | ||
| link:https://freebsdfoundation.org/news-and-events/latest-news/freebsd-foundation-releases-bhyve-and-capsicum-security-audit-funded-by-alpha-omega-project/[FreeBSD Foundation Releases Bhyve and Capsicum Security Audit Funded by Alpha-Omega Project] URL: link:https://freebsdfoundation.org/news-and-events/latest-news/freebsd-foundation-releases-bhyve-and-capsicum-security-audit-funded-by-alpha-omega-project/[] + | ||
| link:https://fosdem.org/2025/schedule/event/fosdem-2025-6152-how-freebsd-security-audits-have-improved-our-security-culture/[How FreeBSD security audits have improved our security culture] URL: link:https://fosdem.org/2025/schedule/event/fosdem-2025-6152-how-freebsd-security-audits-have-improved-our-security-culture/[] + | ||
| link:https://github.com/orcwg/orcwg[Home of the ORC WG] URL: link:https://github.com/orcwg/orcwg[] + | ||
| link:https://freebsdfoundation.org/about-us/contact-us/[FreeBSD Foundation: Contact Us] URL: link:https://freebsdfoundation.org/about-us/contact-us/[] + | ||
| link:https://openssf.org/projects/osv-schema/[Open Source Vulnerability schema (OSV Schema)] URL: link:https://openssf.org/projects/osv-schema/[] + | ||
| link:https://github.com/ossf/osv-schema/pull/237[ossf/osv-schema tools: import a conversion tool to and from VuXML (#237)] URL: link:https://github.com/ossf/osv-schema/pull/237[] | ||
|
|
||
| Contact: Pierre Pronchery <pierre@freebsdfoundation.org> | ||
|
|
||
| My tasks at the FreeBSD Foundation continue to revolve around Security Engineering for the FreeBSD Project. | ||
|
|
||
| First, we keep working on the outcome of the source code audit on bhyve and Capsicum, documenting and researching how to prevent and mitigate similar issues from occurring again in the future. | ||
| This includes the processes relevant for contributions to the FreeBSD Project, as well as the preparation of a joint presentation with Alpha-Omega at the BSD Devroom during the coming FOSDEM conference in 2025. | ||
|
|
||
| At the same time, I am liaising with the Open Regulatory Compliance Working Group (ORC WG), where an FAQ is being elaborared jointly by a nomber of stakeholders on the European Union's newly introduced Cyber Resilience Act (CRA). | ||
| This is all related to our ongoing collaboration with OpenSSF, notably the self-assessment initiative; note that the FreeBSD Foundation can provide assistance in this regard for projects deploying FreeBSD. | ||
|
|
||
| Finally, possibilities around the integration of OSV tooling into the FreeBSD ecosystem are under investigation as well. | ||
|
|
||
| Sponsored by: The FreeBSD Foundation |