Matteo Mortari
# Secured delivery against man-in-the-middle (MITM) attacks > The project MUST use a delivery mechanism that counters MITM attacks. Using https or ssh+scp is acceptable. [delivery_mitm] ``` we distribute sources...
# Publicly known vulnerabilities fixed > There MUST be no unpatched vulnerabilities of medium or higher severity that have been publicly known for more than 60 days. [vulnerabilities_fixed_60_days] ``` no...
# Other security issues > The public repositories MUST NOT leak a valid private credential (e.g., a working password or private key) that is intended to limit public access. [no_leaked_credentials]...
Note: adding to question 1 in "Use basic" block the "The project does not write/implement its own cryptography algorithms."
Note: adding to "Use basic" block a number of "As above", since subsequent questions pertain to what is described in question 1 in that block
section is complete; if you are reading this message and you'd like to submit changes to this badge section, don't hesitate to reopen this ticket or a new one
thank you for sharing about this important topic in today's KF MR biweekly! we appreciate your role as liaison and making us aware of all these KF community topics 🙏
> willing to serve as a contact person to assist with the self-evaluation process

count on me as well @milosjava as mentioned 👍
for the record, we introduced the CNCF instance of FOSSA with:
- https://github.com/kubeflow/model-registry/issues/323
today at the time of writing, we "moved the needle" of the badge from 19% to 34%, then sub-issues have been created for divide-et-impera and promote community contributions