The Heartbleed bug revealed that some important open source projects were so understaffed that they were unable to properly implement best security practices. The Linux Foundation’s Core Infrastructure Initiative, formed to help open source projects have the ability to adopt these practices, uses a lot of carrot and very little stick.
The FOSS Force Video Interview
David A. Wheeler’s personal website contains more than a book’s worth of Linux and Unix security advice — along with many random observations about this and that, with an emphasis on free and open source software. He was recently selected as technical lead for an important Linux Foundation security project. Is Wheeler famous? Surprisingly not, since he’s not a publicity seeker. But maybe he should be. Many less-accomplished people are.
Wheeler started writing about Linux and Unix security in the last millennium, and he’s never stopped. Now he’s the technical lead for the Linux Foundation’s Core Infrastructure Initiative Badge Project, which is a certification that says a software project is following a set of best practice rules that make sure its developers and maintainers put some major thought into security — and that it’s easy to report bugs, and that bug reports get acted upon sooner rather than later.
All basic stuff, right? So it is, but too many projects don’t think about security nearly as much as they should, says Wheeler, who is eminently qualified to lead this effort. As his short bio says, “He has a PhD in Information Technology, a Master’s in Computer Science, a certificate in Information Security, and a B.S. in Electronics Engineering, all from George Mason University (GMU). He lives in Northern Virginia.” (Disclosure: I’ve known Wheeler and followed his work for many years. You can learn a lot from this man. I have.)
Robin "Roblimo" Miller