How the Eclipse Foundation, industry and academic partners are working together to address the challenge of measuring and improving the security posture of open-source projects in practical, compelling and above all adoptable ways.

The Eclipse Foundation is partnering with the Linux Foundation and others to find practical and adaptable ways of improving project security posture.

From simple process aspects like having a stated vulnerability process to more sophisticated elements such as SBOMs or secure build processes. There are many ideas, tools, checklists and opinions. This session will explain how the EF is planning to navigate this space to create a compelling framework that will allow projects to improve with limited or no impact.