Hello Caeley and David and welcome to the discussion,

Truly some good stuff here! With a mature SDLC and leveraging highly skilled 
volunteers, I think NTPsec is well on the way to its badge.

Being a Synopsys sales engineer (shill), I am pleased to see Coverity listed in 
the CII Best Practices criteria. While itself not being open source, the 
Coverity analysis service is freely available to FLOSS projects on our 
SCAN.COVERITY.COM site. Over 8,200 FLOSS projects are regularly receiving 
static analysis of quality and security issues - including two projects 
discussed here - NTPsec and GPSd.

In the Federal space, best practices and often contractual obligations require 
using at least two static analysis tools.

Potential complementary tools might include cppcheck and clang analysis.

Additional testing may be of interest to projects based on, or implementing, 
networking protocols, again including NTPsec and GPSd.

Generational fuzz testing at the network layer ensures a robust implementation. 
NTPsec is currently fuzz tested using both Synopsys Defensics and American
Fuzzy Lop (http://lcamtuf.coredump.cx/afl/)

Mark, please let us know if there are any tasks leading to certification which 
may need to be assigned.

Best regards,

- Dan

From: devel [mailto:devel-boun...@ntpsec.org] On Behalf Of Mark Atwood
Sent: Thursday, July 14, 2016 3:22 PM
To: Looney, Caeley M (UNC) <cloo...@ida.org>
Cc: Wheeler, David A <dwhee...@ida.org>; devel@ntpsec.org
Subject: Re: CII Best Practices Badging Process - NTPsec

Hello Caeley and David,

Thank you for your offer to help the NTPsec Project improve our CII Badge score.

Yes, we would appreciate your help.

As you may know, the NTPsec Project's website is at http://ntpsec.org/ and 
contains links to the project documentation, and links to our GitLab org 
account and git repos at https://gitlab.com/groups/NTPsec

Please do check out the project, and let us know your suggestions at improving 
our score.

Also, do please keep CC devel@ntpsec.org on all
emails about this, so we can maintain a public record and maintain full
community participation.

..m

--

Mark Atwood

Project Manager pro tem, The NTPsec Project

On Thu, Jul 14, 2016, at 12:36, Looney, Caeley M (UNC) wrote:

Good Afternoon!

I work with David Wheeler at IDA on the CII Badging Process, and I noticed that 
NTPsec is making great progress towards getting its badge.  I have been working 
to help other projects fill in their criteria and help further their progress 
status, and I’m reaching out to you to see if you’d like me to review your 
project and help fill in the application where necessary as well.  Please let 
me know when you have the chance and I look forward to hearing back!

Thanks,

Caeley Looney

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
