Date: Thu, 9 Jan 2025 12:55:35 GMT From: Lorenzo Salvadore <salvadore@FreeBSD.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org Subject: git: 0e2ea006d4 - main - Status/2024Q4/foundation-security.adoc: Add report Message-ID: <202501091255.509CtZ8u022442@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by salvadore: URL: https://cgit.FreeBSD.org/doc/commit/?id=0e2ea006d443e34a105af3ec62b6cf1cbca95f24 commit 0e2ea006d443e34a105af3ec62b6cf1cbca95f24 Author: Pierre Pronchery <pierre@freebsdfoundation.org> AuthorDate: 2025-01-09 12:53:32 +0000 Commit: Lorenzo Salvadore <salvadore@FreeBSD.org> CommitDate: 2025-01-09 12:53:32 +0000 Status/2024Q4/foundation-security.adoc: Add report Reviewed by: status (Pau Amma <pauamma@gundo.com>) Pull Request: https://github.com/freebsd/freebsd-doc/pull/455 --- .../foundation-security.adoc | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/website/content/en/status/report-2024-10-2024-12/foundation-security.adoc b/website/content/en/status/report-2024-10-2024-12/foundation-security.adoc new file mode 100644 index 0000000000..92e8b6c7b2 --- /dev/null +++ b/website/content/en/status/report-2024-10-2024-12/foundation-security.adoc @@ -0,0 +1,23 @@ +=== Security engineering at the FreeBSD Foundation + +Links: + +link:https://freebsdfoundation.org/news-and-events/latest-news/freebsd-foundation-releases-bhyve-and-capsicum-security-audit-funded-by-alpha-omega-project/[FreeBSD Foundation Releases Bhyve and Capsicum Security Audit Funded by Alpha-Omega Project] URL: link:https://freebsdfoundation.org/news-and-events/latest-news/freebsd-foundation-releases-bhyve-and-capsicum-security-audit-funded-by-alpha-omega-project/[] + +link:https://fosdem.org/2025/schedule/event/fosdem-2025-6152-how-freebsd-security-audits-have-improved-our-security-culture/[How FreeBSD security audits have improved our security culture] URL: link:https://fosdem.org/2025/schedule/event/fosdem-2025-6152-how-freebsd-security-audits-have-improved-our-security-culture/[] + +link:https://github.com/orcwg/orcwg[Home of the ORC WG] URL: link:https://github.com/orcwg/orcwg[] + +link:https://freebsdfoundation.org/about-us/contact-us/[FreeBSD Foundation: Contact Us] URL: link:https://freebsdfoundation.org/about-us/contact-us/[] + +link:https://openssf.org/projects/osv-schema/[Open Source Vulnerability schema (OSV Schema)] URL: link:https://openssf.org/projects/osv-schema/[] + +link:https://github.com/ossf/osv-schema/pull/237[ossf/osv-schema tools: import a conversion tool to and from VuXML (#237)] URL: link:https://github.com/ossf/osv-schema/pull/237[] + +Contact: Pierre Pronchery <pierre@freebsdfoundation.org> + +My tasks at the FreeBSD Foundation continue to revolve around Security Engineering for the FreeBSD Project. + +First, we keep working on the outcome of the source code audit on bhyve and Capsicum, documenting and researching how to prevent and mitigate similar issues from occurring again in the future. +This includes the processes relevant for contributions to the FreeBSD Project, as well as the preparation of a joint presentation with Alpha-Omega at the BSD Devroom during the coming FOSDEM conference in 2025. + +At the same time, I am liaising with the Open Regulatory Compliance Working Group (ORC WG), where an FAQ is being elaborared jointly by a number of stakeholders on the European Union's newly introduced Cyber Resilience Act (CRA). +This is all related to our ongoing collaboration with OpenSSF, notably the self-assessment initiative; note that the FreeBSD Foundation can provide assistance in this regard for projects deploying FreeBSD. + +Finally, possibilities around the integration of OSV tooling into the FreeBSD ecosystem are under investigation as well. + +Sponsored by: The FreeBSD Foundation
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202501091255.509CtZ8u022442>