Do you work on an open-source project, and do you want to give your consumers confidence in the quality and management of your project? You can achieve this, at no cost, by getting and showing off the OpenSSF Best Practices Badge.
The Open Source Security Foundation (OpenSSF) Best Practices Badge Program allows you to self-certify how well your project follows best practices.
The real goal of the OpenSSF Best Practices Badge project is to encourage projects to apply best practices, and to help users determine which FLOSS projects do so. We believe that FLOSS projects that implement best practices are more likely to produce better software, including more secure software.
You can earn one of three badges:
- Passing focuses on best practices that well-run FLOSS projects typically already follow. Getting the passing badge is an achievement; only about 10% of projects pursuing a badge achieve the passing level at any one time.
- Silver is a more stringent set of criteria than passing but is expected to be achievable by small and single-organization projects.
- Gold is even more stringent than silver and includes criteria not achievable by small or single-organization projects.
More than 700 projects have reached at least the passing level. Here is the complete set of criteria for all badge levels.
Once you have answered the questions and fulfilled the requirements for the desired badge level, you can add the badge to your project page, either as Markdown or as HTML.
You can find my open-source project, SwiftPlantUML, among the participating projects.
It took me about 30 minutes to complete the questionnaire. I automatically fulfilled some requirements already by hosting my open-source project on GitHub. I also learned some new practices. Overall, this exercise is valuable:
- for you as a developer, to learn
- for your project consumers, to gain confidence and trust