ossf / wg-best-practices-os-developers

The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
https://openssf.org
Apache License 2.0

[New SIG] Create Python Hardening Guide #481

Open SecurityCRob opened 4 months ago

SecurityCRob commented 4 months ago

Our friends at Ericsson have developed a set of code examples and guidance grounded in the MITRE CWE framework (https://cwe.mitre.org/). This work was originally inspired by SEI CERT's secure coding material, with the intention of translating those to Python to educate new and experienced developers and enable future automation with valid code examples.

The initial seed for this idea will grow from: https://github.com/Ericsson/secure_coding_one_stop_shop_for_python

We intend to meet every two weeks to discuss and develop this idea together, with the ultimate goal of having a useful artifact that can be easily leveraged by developers (as close to the IDE as possible) and enabling tooling and automation to identify these types of coding errors.

gkunz commented 4 months ago

cc @myteron