On Wed, Nov 27, 2024 at 11:35 AM Mark Wielaard <m...@klomp.org> wrote:
>
> Hi all,
>
> After lots of discussions at some of our Open Office hours, at the
> Cauldron, with other Software Freedom organizations and some of our
> hardware and services providers we now have a Sourceware Cyber Security
> FAQ explaining topics like the "US Improving the Nation's Cybersecurity
> Executive Order 14028", "EU Cyber Resilience Act (EU CRA)" and "Secure
> Software Development Framework (NIST SP 800-218)".
>
> https://sourceware.org/cyber-security-faq.html
s/so they share security threads/so they share security threats/g

> We would like to extend this with some recommended practices for
> projects to adopt. Although it is clear that these regulations are
> mainly aimed at commercial entities, who bear the brunt of these
> requirements, we believe this is an opportunity for projects to get
> more (corporate) contributions, since these guidelines and requirements
> strongly suggest/mandate making all their work public and contributing
> (security issues) back upstream. So any policies documenting how to
> clearly report issues and documenting the contributing and release
> practices should be helpful.
>
> Please let us know if you have any questions or suggestions.

Jeff