Standardizing Feature Flagging for Everyone.
OpenFeature is an open specification that provides a vendor-agnostic, community-driven API for feature flagging that works with your favorite feature flag management tool or in-house solution.
A specification for developer-centric application definition used in Cloud Native Applications.
The Compose Specification is a developer-focused standard for defining cloud and platform agnostic container-based applications.
OpenPubkey is an open source project that binds public keys and workload identities using standard SSO and OpenID Connect.
Use OpenPubkey today to SSH to machines on your network without SSH keys.
A proposed standard which allows websites to define security policies.
“When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.”
A protocol for peer-to-peer data stores. The best parts? Fine-grained permissions, a keen approach to privacy, destructive edits, and a dainty bandwidth and memory footprint.
A minimum security baseline for enterprise-ready products and services.
Minimum Viable Secure Product (MVSP) is a list of essential application security controls that should be implemented in enterprise-ready products and services. The controls are designed to be simple to implement and provide a good foundation for building secure and resilient systems and services. MVSP is based on the experience of contributors in enterprise application security and has been built with contributions from a range of companies.
The Green Standard Editing Protocol for Internet Publishing.
A set of rules and guidelines that can be used by humans and machines to determine whether a story is worth publishing, how to specifically improve the story’s content, and how to distribute the story with more reach and relevance.
Open Federation is a community-driven open source initiative to create and maintain a specification for federated GraphQL APIs. Be part of the future; let's craft together.
The penetration testing execution standard consists of seven (7) main sections.
These cover everything related to a penetration test - from the initial communication and reasoning behind a pentest, through the intelligence gathering and threat modeling phases where testers are working behind the scenes in order to get a better understanding of the tested organization, through vulnerability research, exploitation and post exploitation, where the technical security expertise of the testers comes into play and combines with the business understanding of the engagement, and finally to the reporting, which captures the entire process, in a manner that makes sense to the customer and provides the most value to it.
Evolving the Prometheus exposition format into a standard.
OpenMetrics is a specification built upon and carefully extending the Prometheus exposition format in almost 100% backwards-compatible ways.
Making the Network Visible.
sFlow® is an industry standard technology for monitoring high speed switched networks. It gives complete visibility into the use of networks enabling performance optimization, accounting/billing for usage, and defense against security threats.
Hydra simplifies the development of interoperable, hypermedia-driven Web APIs.
JSON for Linking Data.
Data is messy and disconnected. JSON-LD organizes and connects it, creating a better Web.
Filter your HTML the standards-compliant way!
HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.
HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.
We are uncovering better ways of developing software by doing it and helping others do it.
What is humans.txt?
It's an initiative for knowing the people behind a website. It's a TXT file that contains information about the different people who have contributed to building the website.
Supply-chain Levels for Software Artifacts, or SLSA ("salsa").
It’s a security framework, a checklist of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure. It’s how you get from "safe enough" to being as resilient as possible, at any link in the chain.