Enhancing Open Source Supply Chain Security


Software supply chain security is becoming increasingly critical. Exposed vulnerabilities in widely used open source software like Log4j have shined a bright light on the need to implement supply chain security best practices.

At the Eclipse Foundation, we're prioritizing supply chain security in a number of ways. Many projects like Eclipse Temurin are already SLSA compliant or working towards compliance. And, be sure to stay tuned for the upcoming launch of a security-focused working group!

This month's newsletter takes a closer look at this important issue, including a review of our vulnerability reporting process and an analysis of existing security practices.

Enjoy the read,
Clark Roundy
Director of Product Marketing


Reporting and Managing Security Issues in Eclipse Projects

Marta Rybczynska looks at the Eclipse Foundation's vulnerability reporting process, including what committers need to know if a vulnerability is reported in a project they contribute to. 
Read More

SLSA Survey Results Are Encouraging, But Opinions Are Still Forming

John Speed Meyers looks at the findings of the recent SLSA++ survey, including how existing security practices are perceived, which practices are being adopted, and what this means for the future.
Read More

Committer Profile
Hendrik Ebbers

Get to know Hendrik, founder of Open Elements, and a project lead on the Eclipse AQAvit and Eclipse Temurin projects. 
Read More

Community Updates

EclipseCon Early-Bird Submission Deadline Is June 2 

Proposals that meet the early-bird deadline are eligible to be approved earlier, and benefit from extra publicity. Read More->


Save the Date for the 2023 JakartaOne Livestream

The Jakarta EE community’s biggest virtual event of the year is set for December 5, 2023. 
Read More->


Register for the Eclipse IDE Hackathon

Everyone from newcomers to experienced contributors is welcome to attend to get to know the Eclipse IDE community. Read More->


SDV Community Days Showcase Open Source Automotive Innovation

These events give the community a chance to meet and work towards building an SDV distribution entirely consisting of open source projects. Read More->


Relive Virtual IoT & Edge Days 2023

You can watch recordings from both days of the conference on the Eclipse Foundation’s YouTube channel. Read More->

New Projects

Eclipse Ankaios manages multiple nodes and virtual machines with a single unique API in order to start, stop, configure, and update containers and workloads. Read More ->

Eclipse Dataspace TCK will consist of a modular test harness that can be extended to verify multiple Dataspace protocols and standards. Read More ->

Eclipse uProtocol aims to provide a transport agnostic, layered communication protocol that builds on top of existing automotive and Internet standards, from the mechatronic layer up to the Cloud. Read More -> 

New Releases

Upcoming Events

RT-Thread Global Tech Conference
June 1-3, 2023

ICT4S 2023
June 5-9, 2023

RISC-V Europe Summit
June 5-9, 2023

Automotive Open Source Summit
June 6, 2023

Eclipse Foundation · 2934 Baseline Road, Suite 202 · Ottawa, ON K2H 1B2 · Canada