Hello Eclipse IoT projects,
in the past few months the IoT PMC started to work towards making IoT
projects aware of the Eclipse security policy [1]. As the latest IoT
survey again showed, security is a top concern.
We started with a simple amendment to our review process for project releases. The following items are new:
* Projects should take some time to get familiar with the Eclipse security policy [1]
* There should be an easy to find link on each project's homepage, pointing users towards
https://eclipse.org/security which explains how to report security related issues, e.g. adding the link to the other links to Eclipse resources in the footer of the project page will be sufficient.
* The field "security issues" in the release review document is considered mandatory
For a more detailed description also see [2].
Of course projects are welcome do go beyond that. But we wanted to start
with a minimal baseline which all projects provide, without forcing too
much effort on each project.
We will continue to work on this matter and are happy for any ideas you may have.
Cheers
Jens
[1]
https://eclipse.org/security/policy.php
[2]
https://wiki.eclipse.org/IoT/PMC#Releases--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH,
www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
