Security engineering at the FreeBSD Foundation

Contact: Pierre Pronchery <pierre@freebsdfoundation.org>

My tasks at the FreeBSD Foundation continue to revolve around Security Engineering for the FreeBSD Project.

First, we keep working on the outcome of the source code audit on bhyve and Capsicum, documenting and researching how to prevent similar issues from occurring again in the future, and how to mitigate them. This includes the processes relevant for contributions to the FreeBSD Project, as well as the preparation of a joint presentation with Alpha-Omega at the BSD Devroom during the upcoming FOSDEM conference in 2025.

At the same time, I am liaising with the Open Regulatory Compliance Working Group (ORC WG), where an FAQ is being elaborated jointly by a number of stakeholders on the European Union’s newly introduced Cyber Resilience Act (CRA). This is all related to our ongoing collaboration with OpenSSF, notably the self-assessment initiative; note that the FreeBSD Foundation can provide assistance in this regard for projects deploying FreeBSD.

Finally, possibilities around the integration of OSV tooling into the FreeBSD ecosystem are under investigation as well.

Sponsored by: The FreeBSD Foundation


Last modified on: January 11, 2025 by Maxim Konovalov