CII Best Practices Badging Process - NTPsec
dtpoirot at gmail.com
Thu Jul 14 21:12:58 UTC 2016
Hello Caeley and David and welcome to the discussion,
Truly some good stuff here! With a mature SDLC and leveraging highly skilled volunteers, I think NTPsec is well on the way to its badge.
Being a Synopsys sales engineer (shill), I am pleased to see Coverity listed in the CII Best Practices criteria. While itself not being open source, the Coverity analysis service is freely available to FLOSS projects on our SCAN.COVERITY.COM site. Over 8,200 FLOSS projects are regularly receiving static analysis of quality and security issues - including two projects discussed here - NTPsec and GPSd.
In the Federal space, best practices and often contractual obligations require using at least two static analysis tools.
Potential complementary tools might include cppcheck and clang analysis.
Additional testing may be of interest to projects based on, or implementing, networking protocols, again including NTPsec and GPSd.
Generational fuzz testing at the network layer ensures a robust implementation. NTPsec is currently fuzz tested using both Synopsys Defensics and American Fuzzy Lop (http://lcamtuf.coredump.cx/afl/).
Mark, please let us know if there are any tasks leading to certification which may need to be assigned.
From: devel [mailto:devel-bounces at ntpsec.org] On Behalf Of Mark Atwood
Sent: Thursday, July 14, 2016 3:22 PM
To: Looney, Caeley M (UNC) <clooney at ida.org>
Cc: Wheeler, David A <dwheeler at ida.org>; devel at ntpsec.org
Subject: Re: CII Best Practices Badging Process - NTPsec
Hello Caeley and David,
Thank you for your offer to help the NTPsec Project improve our CII Badge score.
Yes, we would appreciate your help.
As you may know, the NTPsec Project's website is at http://ntpsec.org/ and contains links to the project documentation, and links to our GitLab org account and git repos at https://gitlab.com/groups/NTPsec
Please do check out the project, and let us know your suggestions for improving our score.
Also, do please keep CC devel at ntpsec.org on all emails about this, so we can maintain a public record and maintain full community participation.
Project Manager pro tem, The NTPsec Project
On Thu, Jul 14, 2016, at 12:36, Looney, Caeley M (UNC) wrote:
I work with David Wheeler at IDA on the CII Badging Process, and I noticed that NTPsec is making great progress towards getting its badge. I have been working to help other projects fill in their criteria and help further their progress status, and I’m reaching out to you to see if you’d like me to review your project and help fill in the application where necessary as well. Please let me know when you have the chance and I look forward to hearing back!