Securing the open source software supply chain is one of the Eclipse Foundation’s top priorities, and our recent security audit for Equinox p2 is an important part of this effort.
As the provisioning component of the Eclipse IDE, Equinox p2 was a logical choice for our first security audit. Identifying and addressing vulnerabilities in any provisioning system is a critically important aspect of supply chain security: fixing the vulnerabilities discovered in the audit lowers the risk of developers installing malware when obtaining extensions from the internet.
Read our blog post to learn more, and download the full report for more information about the vulnerabilities identified in the audit.
To learn more about our supply chain security efforts, visit our security page.