David A. Wheeler
Review [Ubuntu's Security Features](https://wiki.ubuntu.com/Security/Features) to look for potential criterion questions. It might be useful to phrase at least some of these as separate criteria if #650 is implemented. Credit: Credit...
Our documentation directory is named `doc/`, but increasingly the convention seems to be to use `docs/`. We could rename to follow this convention. The main problem would be external links.
Generate SPDX. One solution is to use spdx-sbom-generator https://github.com/spdx/spdx-sbom-generator
If someone gets to a CII Best Practices badge entry, they may be trying to decide whether or not to use that project. It'd be good to provide simple hypertext...
[Greg K-H's talk "Non-technical issues in providing good security practices in an open-source project" at the Developing Secure Systems Summit](https://www.youtube.com/watch?v=Bn_m_y7J87g) makes a good point about updates / upgrades. He points...
Review SLSA for potential criteria: https://github.com/slsa-framework/slsa
Review Minimum Viable Secure Product (MVSP): https://mvsp.dev/
Rename the master-bestpractices app. We have [already renamed the "master" branch to the "main" branch](https://github.com/coreinfrastructure/best-practices-badge/issues/1450), once GitHub added functionality to make that easier. However, we did not change the Heroku...
Investigate this piece of advice:

> Try replacing your form_for with form_with in your sessions/new.html.erb. I have a similar problem (Rails 6) and it seems to be ok now.

per...
I like the look of the "language icon" as shown here: http://www.languageicon.org/ - it's what we are using now. However, I thought the "language icon" was under an open source...