Status/2024Q4/foundation-security.adoc: Add report
Reviewed by:	status (Pau Amma <[email protected]>)
Pull Request:	#455
khorben authored and lsalvadore committed Jan 9, 2025
1 parent 4dd8862 commit 0e2ea00
Showing 1 changed file with 23 additions and 0 deletions.
@@ -0,0 +1,23 @@
=== Security engineering at the FreeBSD Foundation

Links: +
link:https://freebsdfoundation.org/news-and-events/latest-news/freebsd-foundation-releases-bhyve-and-capsicum-security-audit-funded-by-alpha-omega-project/[FreeBSD Foundation Releases Bhyve and Capsicum Security Audit Funded by Alpha-Omega Project] URL: link:https://freebsdfoundation.org/news-and-events/latest-news/freebsd-foundation-releases-bhyve-and-capsicum-security-audit-funded-by-alpha-omega-project/[] +
link:https://fosdem.org/2025/schedule/event/fosdem-2025-6152-how-freebsd-security-audits-have-improved-our-security-culture/[How FreeBSD security audits have improved our security culture] URL: link:https://fosdem.org/2025/schedule/event/fosdem-2025-6152-how-freebsd-security-audits-have-improved-our-security-culture/[] +
link:https://github.com/orcwg/orcwg[Home of the ORC WG] URL: link:https://github.com/orcwg/orcwg[] +
link:https://freebsdfoundation.org/about-us/contact-us/[FreeBSD Foundation: Contact Us] URL: link:https://freebsdfoundation.org/about-us/contact-us/[] +
link:https://openssf.org/projects/osv-schema/[Open Source Vulnerability schema (OSV Schema)] URL: link:https://openssf.org/projects/osv-schema/[] +
link:https://github.com/ossf/osv-schema/pull/237[ossf/osv-schema tools: import a conversion tool to and from VuXML (#237)] URL: link:https://github.com/ossf/osv-schema/pull/237[]

Contact: Pierre Pronchery <pierre@freebsdfoundation.org>

My tasks at the FreeBSD Foundation continue to revolve around Security Engineering for the FreeBSD Project.

First, we keep working on the outcome of the source code audit on bhyve and Capsicum, documenting and researching how to prevent and mitigate similar issues from occurring again in the future.
This includes the processes relevant for contributions to the FreeBSD Project, as well as the preparation of a joint presentation with Alpha-Omega at the BSD Devroom during the coming FOSDEM conference in 2025.

At the same time, I am liaising with the Open Regulatory Compliance Working Group (ORC WG), where an FAQ is being elaborared jointly by a number of stakeholders on the European Union's newly introduced Cyber Resilience Act (CRA).
This is all related to our ongoing collaboration with OpenSSF, notably the self-assessment initiative; note that the FreeBSD Foundation can provide assistance in this regard for projects deploying FreeBSD.

Finally, possibilities around the integration of OSV tooling into the FreeBSD ecosystem are under investigation as well.

Sponsored by: The FreeBSD Foundation
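
Review bot: In the ORC WG paragraph, "elaborared" is a typo for "elaborated" ("an FAQ is being elaborared jointly by a number of stakeholders"); "drafted" would also read more naturally there. The final sentence on OSV tooling is vague compared with the Links section, which already cites ossf/osv-schema pull request #237 for a conversion tool to and from VuXML: naming that tool in the sentence would tell readers what the investigation concretely covers. The same applies to "the self-assessment initiative", which is mentioned without saying which of the listed links, if any, describes it.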
