docs: Clarify OpenSSF Best Practices vs Scorecard

SECURITY.md has a recently added section titled OpenSSF Scorecard
that actually documents OpenSSF Best Practices. Scorecard [0] is a
different OpenSSF project that incorporates Best Practices but is
distinct in its objectives and how it achieves them.
This change clarifies the terminology, and also removes any
implication that Gold Best Practices is an award rather than a
self-certification programme.
As curl was a leader in implementing Best Practices some folk may be
more familiar with the earlier Core Infrastructure Initiative (CII)
naming, so a reference to that has been added.

[0] https://scorecard.dev/

Signed-off-by: Chris Swan <478926+cpswan@users.noreply.github.com>
Ref: #14319
Closes #14635
Chris Swan 2024-08-21 14:26:59 +01:00 committed by Daniel Stenberg
parent aebd50870b
commit 35034df1ca
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

@ -15,13 +15,15 @@ libcurl, report it on [HackerOne](https://hackerone.com/curl).
We treat security issues with confidentiality until controlled and disclosed responsibly. We treat security issues with confidentiality until controlled and disclosed responsibly.
## OpenSSF Scorecard ## OpenSSF Best Practices
curl has earned Gold status on the OpenSSF Best Practices, reflecting its adherence to curl has achieved Gold status on the Open Source Security Foundation (OpenSSF)
rigorous security and best practice standards. This achievement highlights curl's [Best Practices](https://bestpractices.dev/) (formerly Core Infrastructure
comprehensive documentation, secure development processes, effective change control Initiative Best Practices), reflecting its adherence to rigorous
mechanisms, and strong maintenance routines. Meeting these criteria demonstrates curl's security and best practice standards. This achievement highlights curl's
commitment to security and reliability, ensuring the project's sustainability and comprehensive documentation, secure development processes, effective change
trustworthiness. This recognition by OpenSSF underscores curl's role as a leader in control mechanisms, and strong maintenance routines. Meeting these criteria
open-source software practices. More information can be found on demonstrates curl's commitment to security and reliability, ensuring the
their [OpenSSF page](https://www.bestpractices.dev/projects/63). project's sustainability and trustworthiness. This underscores curl's role as
a leader in open-source software practices. More information can be found on
[curl's OpenSSF Best Practices project page](https://www.bestpractices.dev/projects/63).
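Review bot: The commit message says this change removes the implication that Gold is an award rather than a self-certification, but the replacement paragraph still opens with "curl has achieved Gold status" and follows with "This achievement highlights"; to match the stated intent, consider wording such as "curl self-certifies at the Gold level of the ... Best Practices" and replacing "This achievement" with "Meeting these criteria". Two smaller points in the same hunk: the two Best Practices links use different hostnames (`https://bestpractices.dev/` and `https://www.bestpractices.dev/projects/63`), so pick one form for consistency; and since the old heading "OpenSSF Scorecard" is removed entirely, readers searching SECURITY.md for Scorecard will now find nothing, so a single sentence pointing out that Scorecard (https://scorecard.dev/, cited as [0] in the commit message) is a separate OpenSSF project would preserve that signpost.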