Open Source Software Supply Chain Security starts with developers

Mikaël Barbero

Open Source Software Supply Chain is at risk: threat actors are shifting target to amplify the blast radius of their attacks and as such increasing their return on investment. Over the past 3 years, we’ve witnessed an astonishing 742% average annual increase in Software Supply Chain attacks. To make it worse, the attack surface of the supply chain is wide. Covering it all requires a deep scrutinity of many factors. However, there is a simple thing, easy, and free, that every open source developer should do right now: activate multi factor authentication (also known as two factor authentication) on all development related accounts.

Enforcing HTTPS on the Eclipse Marketplace

Enforcing HTTPS on the Eclipse Marketplace

Mikaël Barbero

As stewards of the Eclipse Marketplace, the Eclispe Foundation is responsible for providing a safe place for the Eclipse IDE users to download their plugins. While the Eclipse Marketplace does not host or transmit the plugins bits, it provides links to (p2) repositories containing them. Until today, there was no restriction on those links.

Beginning December 15, 2022, the Eclipse Marketplace will no longer support links to repositories over plain HTTP. The goal is to protect users of the Eclipse Marketplace from the main risk of plain HTTP links: man-in-the-middle (MITM) attacks.

Chromium / Eclipse SWT integration

Mikaël Barbero
Key takeaways: Do you want to see a Chromium based SWT Browser implementation? Please donate (or reach out to me if you want to do corporate donations) and the Eclipse Foundation will make it happens via the Friends of Eclipse Enhancement Program (FEEP). Browser support in SWT has always been a complicated story. By default (meaning without any hint from the application developers and the users), SWT relies on “native” renderers (Internet Explorer on Windows, WebKit on macOS and WebKitGTK+ or Mozilla/XULRunner on Linux).

I’m going to Devoxx US, and you should go as well!

Mikaël Barbero

For the very first time, a Devoxx conference is happening in the USA, in San Jose, CA. It starts on March 21, 2017 and is 3 days long. Devoxx conferences are famous in Europe (organized in Belgium, France, UK, Poland, and Morocco) for their high quality talks from amazing speakers. They are also very high rated because it is organized by developers for developers. Talks are all highly technical and the required experience from the targeted audience ranges from beginners to experts. So, with more than 200 sessions (chosen from 750 submissions!), everyone is able to craft its very own personal conference schedule. Do not trust me, check the program by yourself!