[eclipse.org-membership-at-large] Proposal to establish the Eclipse Cyber Risk Initiative Working Group

All;

The Eclipse Foundation is pleased to announce the proposal to establish the Eclipse Cyber Risk Initiative Working Group.  The background motivation for this initiative is detailed in the whitepaper here. [1]  

The proposed charter [2] for this working group outlines the overarching goal of this working group, which is to ensure the security and integrity of the Eclipse Foundation’s community, projects, systems and data by implementing the industry’s best practices and standards for software production, risk management and incident response. In particular, our vision is to have the Eclipse Foundation be recognized across the industry as a leading security organization known for our ability to proactively identify and mitigate risks and effectively respond to incidents.

To this end the working group will:

  • Drive improvements to the Eclipse Foundation's security policies and processes for all projects.
  • Drive improvements to the Eclipse Foundation's infrastructure that supports our open source projects.
  • Drive improvements to the security of our projects by providing services to them including assistance in supporting our improved processes, external security audits, and dependency analyses to mitigate for known vulnerabilities.
  • Help our committers and contributors improve their skills through training.
  • Promote the Eclipse project community's ability to deliver supply chain secure open source components, frameworks, and runtimes.
  • Engage with government policy discussions related to open source supply chain security to promote the interests of the Eclipse Foundation's open source projects and community.
  • Manage the overall technical and business strategies with respect to security risk mitigation and responsiveness for select open source projects and participate in the same for select non-Eclipse open source projects.
  • Establish and drive a funding model that enables this working group and its community to operate on a sustainable basis.


The proposed charter for this working group is now available for review.  

All Members of the Eclipse Foundation are invited to join [3] and participate in this working group.  We encourage you to connect to the working group mailing list [4] to stay abreast of updates and latest news.  All comments and feedback are welcome.

Please feel free to contact me directly, or the mailing list, if you have any questions.

[1] https://www.eclipse.org/org/workinggroups/eclipse-cyber-risk-concept.php
[2] https://www.eclipse.org/org/workinggroups/eclipse-cyber-risk-charter.php
[3] https://www.eclipse.org/org/workinggroups/wgpa/eclipse-cyber-risk-initiative-working-group-participation-agreement.pdf
[4] https://accounts.eclipse.org/mailing-list/eclipse-cyber-risk-initiative

Regards
========
Paul White
VP, Member Services & Secretary/Treasurer | Eclipse Foundation



