[OPEN-ILS-DEV] Core Infrastructure Initiative Badge Program

Kathy Lussier klussier at masslnc.org
Thu Jun 29 20:38:32 EDT 2017


Hi all,

A while ago, I came across the Core Infrastructure Initiative Badge 
Program, which awards a badge to open source projects that follow a set 
of best practices that shows the project's commitment to security.

According to their web site 
(https://www.coreinfrastructure.org/programs/badge-program): "The Core 
Infrastructure Initiative (CII) Badge Program is a free program designed 
with the open source community with criteria that evolves to allow for 
compensating controls rather than a strict mechanical process. The Best 
Practices Badge is an open source secure development maturity model. 
Projects having a CII badge will showcase the project's commitment to 
security."

I wanted to see if there was interest in investigating what steps would 
need to be taken to earn a badge for the Evergreen project. The criteria 
for the badge are available at 
https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/criteria.md. 
Scanning through the list, I see many criteria that we are already meeting.

I have a couple of reasons for wanting to pursue this badge:

- Running through the criteria list should be a useful exercise that 
will help us see what the strengths of our project are and where we need 
to improve. If we focus on improving the areas where we don't initially 
meet the criteria, it will help to strengthen our project.

- If we earn a badge, it can provide assurance to our users and to 
prospective users that we are a mature project that is following best 
practices identified by the open-source community as preferred 
standards. The badge is evidence that we do indeed follow recommended 
quality assurance practices and are committed to providing secure software.

If there is interest, maybe a few of us can divide up the list of 
criteria to identify ones we are already meeting and ones that we need 
to work on.

Let me know what you think.

Kathy



-- 
Kathy Lussier
Project Coordinator
Massachusetts Library Network Cooperative
(508) 343-0128
klussier at masslnc.org
Twitter: http://www.twitter.com/kmlussier


