Commit a9141996 by Jun Matsushita

Fix links

parent a14cbfb8
Pipeline #2391 failed with stages
in 2 minutes 33 seconds
......@@ -8,6 +8,6 @@ title: Blog
<div class="docs-section">
{{#each site.posts}}
<h3><a href="{{ ../site.baseurl }}/blog/{{ datebasename }}">{{ title }}</a>&nbsp;<small>{{ moment date "YYYY-MM-DD"}}</small></h3>
<p>{{#if children }}{{ children.[0] }}{{/if}} <a href="{{ ../site.baseurl }}/blob/{{ datebasename }}">More...</a></p>
<p>{{#if children }}{{ children.[0] }}{{/if}} <a href="{{ ../site.baseurl }}/blog/{{ datebasename }}">More...</a></p>
{{/each}}
</div>
......@@ -3,7 +3,7 @@ layout: post
title: Booting up Open Integrity
---
If you've been following the Open Integrity Index, you will have noticed that after [our initial efforts in 2013](https://wiki.openintegrity.org/doku.php?id=workplan), the project has been on hold. During this first phase, we developed the foundations for [our criteria](https://wiki.openintegrity.org/doku.php?id=criteria_subcriteria_claim) and setup [a beta platform](https://openintegrity.org/v1). We now advance with [new funders](../../about#funding-partners) to develop the next step of the project with us.
If you've been following the Open Integrity Index, you will have noticed that after ~~[our initial efforts in 2013]()~~ [Update: the old wiki has been taken down.], the project has been on hold. During this first phase, we developed the foundations for ~~[our criteria]()~~ and setup [a beta platform](/v1). We now advance with [new funders](../../about#funding-partners) to develop the next step of the project with us.
<!--more-->
......@@ -20,4 +20,4 @@ Data about the adoption of security and privacy best practices are often difficu
- Which have security features that are **usable without prior expertise or training**?
- Which can be **downloaded securely and verified** to be authentic?
This is what we're setting out to answer. In the next 6 months we'll focus on [developing partnerships](../../partners#measurement) in order to **define metrics and collect data** that will be available for an audience of professionals (software engineers, trainers, advocacy organizations) and will help provide answers about best practices adoption.
This is what we're setting out to answer. In the next 6 months we'll focus on [developing partnerships](../../framework/partnerships) in order to **define metrics and collect data** that will be available for an audience of professionals (software engineers, trainers, advocacy organizations) and will help provide answers about best practices adoption.
......@@ -7,7 +7,7 @@ On the 1st of April 2016, the Open Integrity Initiative (OII) team gathered wit
<!--more-->
As a starting point, the workshop built on the list of hundred of metrics assembled by the OII team over the past two years about software development features such as governance, systems, architecture, build and user experience. We used the OII participative framework [http://openintegrity.github.io/openintegrity.org/framework/workflow/meta/] to guide the development of partnerships and infrastructure to capture metrics about software practices ensuring users' privacy and security. Following this interactive process, we asked participants to share their own experiences or scenarios concerning these issues.
As a starting point, the workshop built on the list of hundred of metrics assembled by the OII team over the past two years about software development features such as governance, systems, architecture, build and user experience. We used the [OII participative framework](/framework/workflow/meta/) to guide the development of partnerships and infrastructure to capture metrics about software practices ensuring users' privacy and security. Following this interactive process, we asked participants to share their own experiences or scenarios concerning these issues.
Through the discussions, the framework allowed us to collect meaningful feedback to understand how specific practices mitigate specific threats in a constantly evolving context. This meeting also gave us the opportunity to collect insights regarding the debates currently at stake in this field of expertise. It is essential for us to encapsulate this information in available metrics to improve the transparency, reproducibility and traceability of the issues and assumptions.
......
......@@ -31,7 +31,7 @@ We gain a lot of good things from this. **Traceability** (if the metadata about
Finally it's just a good pattern for scalability. Both for performance (it generally goes hand in hand with CQRS, i.e. separating reads from writes - which means accepting a world of eventual consistency), and for "ease to reason about" which helps when applications get more complex. It has a cost too, which is that it's more exotic than traditional RDBMS based approaches and that there are less frameworks available.
We ended up choosing CouchDB as our event store for the first phase of the project given that it has eventual consistency as its core. Has a polyglot app framework (Erlang, JS, Python and even Haskell) and that we had some past experiences with it. The map reduce incremental views seemed like a good fit for doing [Projections](http://localhost:9000/architecture/#data-projections) too.
We ended up choosing CouchDB as our event store for the first phase of the project given that it has eventual consistency as its core. Has a polyglot app framework (Erlang, JS, Python and even Haskell) and that we had some past experiences with it. The map reduce incremental views seemed like a good fit for doing [Projections](/architecture/#data-projections) too.
## Data Models
......
......@@ -49,7 +49,7 @@ Consultation about **existing and new practices for software projects** which im
</div>
</div>
<div class="one-third column category">
#### [Metrics](https://meta.openintegrity/metrics/)
#### [Metrics](https://meta.openintegrity.org/metrics/)
Consultation and development of **partnerships with existing measurements efforts** which help **evaluate the adoption practices** which impact end user security and privacy.
<div class="center-block" style="max-width:250px">
<a href="https://meta.openintegrity.org/metrics/" class="button button-primary">Join the Consultation</a>
......
......@@ -16,10 +16,10 @@ The following practices realted to the design aspect of software development are
## Ease of Use
- [Provides different interfaces for beginner and advanced users](../events/rightscon/design/different_interface_for_beginners)
- [Provides different interfaces for beginner and advanced users](../events/2016-practice-workshop-rightscon/design/different_interface_for_beginners)
- Uses language appropriate for beginners
- Provides a clear description of what will result from user choices
- Includes recommended settings
- Includes recommended settings
- Includes configuration templates
- Provides a consistent interface across platforms
- Allows users to reset to default configuration
......@@ -34,13 +34,13 @@ The following practices realted to the design aspect of software development are
- Provides pictoral guides that do not require translation
- Leverages iconographic/pictoral interface that does not require translation
- Provides translated documentation
- Provides translated documentation
- Provides translated interface
## User Education
- [Includes In-app guides](../events/rightscon/design/in-app_guides)
- [Provides a clear "introduction"](../events/rightscon/design/clear_introduction)
- [Includes In-app guides](../events/2016-practice-workshop-rightscon/design/in-app_guides)
- [Provides a clear "introduction"](../events/2016-practice-workshop-rightscon/design/clear_introduction)
- Tells users where to find trusted expertise (mailing lists, support forums, etc.)
- Provides an easy path to the right documentation on a given topic
- Provides a comparison with other tools
......@@ -60,12 +60,12 @@ The following practices realted to the design aspect of software development are
## Notifications
- Relies on confusing or misleading notifications
- Relies on confusing or misleading notifications
- Does not provide notifications about (e.g. about key verification status)
## Data Permissions
## Data Permissions
- [Implements a clear data disposal policy](../events/rightscon/design/data_disposal_policy)
- [Implements a clear data disposal policy](../events/2016-practice-workshop-rightscon/design/data_disposal_policy)
## User feedback
......
......@@ -12,8 +12,8 @@ The following practices realted to the technology aspect of software development
## Distribution of Software
- [Distributes software through signed packages](../events/rightscon/technology/signed-packages)
- [Provides binary for HTTPS download with HSTS](../events/rightscon/technology/hsts_download)
- [Distributes software through signed packages](../events/2016-practice-workshop-rightscon/technology/signed-packages)
- [Provides binary for HTTPS download with HSTS](../events/2016-practice-workshop-rightscon/technology/hsts_download)
- Provides binary for HTTPS download
- Hosts checksums for binary through HTTPS
- Makes binary available in repository or app store, signed by repository administrator
......@@ -26,8 +26,8 @@ The following practices realted to the technology aspect of software development
## Development Team
- [Enforces strong "hygiene" practices on developers' machines](../events/rightscon/technology/software-hygiene-practices)
- [Provides developer documentation (specs, threat model, etc.)](../events/rightscon/technology/developer-documentation)
- [Enforces strong "hygiene" practices on developers' machines](../events/2016-practice-workshop-rightscon/technology/software-hygiene-practices)
- [Provides developer documentation (specs, threat model, etc.)](../events/2016-practice-workshop-rightscon/technology/developer-documentation)
- Produces *reproducible builds*
- Uses dedicated machines for development
- Uses automation tools for scanning
......@@ -38,4 +38,3 @@ The following practices realted to the technology aspect of software development
- Distributes malware in the installation package or binary blog
- Inserts malicious code into the product before build
- Builds software on development machines inflicted with malware
---
layout: page
title: V1 - Offline
---
## Offline
We've taken Open Integrity v1 down. Stay tuned for the new version.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment