Publicity

Here are some examples of where the CII best practices badge has been discussed, including our efforts to let people know about it.

• "Free Badge Program Signals What Open Source Projects Meet Criteria for Security, Quality and Stability" (Linux Foundation Press release), 2016-05-03
• "The Dave and Gunnar Show: Badge of Open Source Honor", 2016-05-10
• "Best Practices Badge", FLOSS Weekly 389, 2016-05-24
• "Core Infrastructure Initiative best-practices badge" by David A. Wheeler, LWN.net, 2016-06-08
• "How to Get an Open Source Security Badge from CII" by Emily Ratliff and David A. Wheeler, linux.com, 2016-06-01
• "Core Infrastructure Initiative (CII) Best-Practices Badge Criteria" by David A. Wheeler, June 28, 2016, IDA NS D-8054
• "Preventing the next Heartbleed and making FOSS more secure", interview by Mark Bohannon of David A. Wheeler, 2016-06-22, opensource.com
• "Open Source best practices criteria", Brandon Keepers (atom text editor), 2016-07-03. He said, "This is a great project and is receiving adoption in some circles..." and had two suggestions: "It needs a shorter and catchier name so I can tell more people about it" and "The project could benefit from more automation and autodetection." (David A. Wheeler agrees with both points.)
• The ChangeLog #215: Core Infrastructure Initiative Best Practices Badge with David A. Wheeler
• "Linux Foundation Core Infrastructure Initiative (CII) Best Practices Badge" by Dr. David A. Wheeler, Software and Supply Chain Assurance Forum, 2016-09-14
• "Report of the Workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV)" by Paul E. Black and Elizabeth Fong, November 2016, NIST Special Publication 500-320 said the following in section 1.3.6: "Participants judged that software could benefit from the programs and criteria of widely-accepted non-governmental organizations. Some possibilities are UL’s Cybersecurity Assurance Program (CAP), Consortium for IT Software Quality (CISQ) Code Quality Standards, and (the) Core Infrastructure Initiative (CII) Best Practices badge."
• "Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy" by Paul E. Black, Lee Badger, Barbara Guttman, and Elizabeth Fong, November 2016, NISTIR 8151 said the following in section 3: "Software can also benefit from the programs and criteria of third-party, non-governmental organizations. Some possibilities (include the)... Core Infrastructure Initiative (CII) Best Practices badge..."
• Open Source Security podcast episode 14 - David A Wheeler: CII Badges. Here's a nice quote: "This is a fantastic project... I think it is one of the most important security things going on today without question... folks go get your badges and make the world a better place..."
• "CII Best Practices Badge, One year later" by David Wheeler, Open Source Leadership Summit 2017, Lake Tahoe, CA, 2017-02-14. There also a video available.
• "CII Best Practices Badge, 1.5 years later" by David Wheeler, Linux Security Summit 2017, Los Angeles, CA, 2017-09-14
• "How to Develop Secure Applications: The BadgeApp Example" (video) by David A. Wheeler, 2017-09-18