David A. Wheeler

Results 219 issues of David A. Wheeler

The malicious attack on the xz utils slipped through many defenses because the "source" package included pre-generated malicious code. This meant that review of the source code (e.g., as seen...

Product: Concise Guides

["C style" by mcinglis](https://github.com/mcinglis/c-style) lists some compiler options that might be of use in the C/C++ compiler options guide. These focus on general efforts to find bugs & clean up...

Product: Compiler Hardening Guide

Description: Create more hands-on labs for the free ["Developing Secure Software" (LFD121) course](https://training.linuxfoundation.org/training/developing-secure-software-lfd121/)

Impact: This will significantly help software developers learn how to develop secure software. 53% of software developers...

proposal
triage-required

This fixes an error reported here: https://forum.linuxfoundation.org/discussion/866738/constant-time-algorithms-for-java by Simon (sipaynehsl). Since I'm already there, I added C#/.NET and some links (adding the links is helpful, *AND* it helps everyone verify...

We don't give details on timing, because unfortunately spammers could use that data.

Address this Post-install message from attr_encrypted:

~~~~
WARNING: Using `#encrypted_attributes` is no longer supported. Instead, use `#attr_encrypted_encrypted_attributes` to avoid collision with Active Record 7 native encryption.
~~~~