The OpenSSF's Securing Software Repositories Working Group, in collaboration with CISA and GitHub, has released the Principles for Package Repository Security, a framework to evaluate and enhance the security of package repositories. This framework aims to help package managers assess and improve the security of open source ecosystems. GitHub emphasizes the importance of focusing on and measuring the fundamentals to ensure the availability, security, and accessibility of its platform. The SPACE framework has played a foundational role in how the GitHub Copilot team approached research, positioning, and product development.
Package managers play a key role in securing open source ecosystems. Together with the @openssf’s Securing Software Repositories Working Group, we published a framework to help package managers assess & improve their security. Read more & contribute here: https://t.co/zMPd6utjfT https://t.co/Ue8kTWikl8
code review isn't about code quality or correctness, but knowledge sharing and process improvement. it's precisely because we do trust our engineers that we do code review. https://t.co/LvwyKmx6uH
Our engineering teams are accountable for making sure GitHub is always available, secure, and accessible. How do we do it? By focusing on (and measuring) the fundamentals. https://t.co/Ds6WHK9yKF
We partnered with @openssf’s Securing Software Repositories Working Group to release Principles for Package Repository Security, a framework for package repositories to assess their security capabilities and roadmap improvements. Learn more: https://t.co/hH0Vj9BGEk https://t.co/y4hM3z4aJi
Satisfaction, Performance, Activity, Communication, Efficiency...what does that spell? @PreciselyAlyss walks through how the SPACE framework played a foundational role in how the GitHub Copilot team approached research, positioning, & prod development. https://t.co/jALGb05pOA https://t.co/3GrNDXQ2Zp
Excited to release v0.1 of the Principles for Package Repository Security 🎉 A framework for evaluating your repository security. Collab between the OpenSSF Securing Software Repositories WG & @CISAgov Blog by @jackhcable, CISA & @steiza, @github https://t.co/BbeEL6Li1C