A simple measure of software dependency freshness. It is a single number telling you how up-to-date your dependencies are.
Schema.org is a collaborative, community activity with a mission to create, maintain, and promote schemas for structured data on the Internet, on web pages, in email messages, and beyond.
Schema.org vocabulary can be used with many different encodings, including RDFa, Microdata and JSON-LD. These vocabularies cover entities, relationships between entities and actions, and can easily be extended through a well-documented extension model. Over 10 million sites use Schema.org to mark up their web pages and email messages. Many applications from Google, Microsoft, Pinterest, Yandex and others already use these vocabularies to power rich, extensible experiences.
Become a leader in email innovation. JMAP is the developer-friendly, open API standard for modern mail clients and applications to manage email faster.
It’s official! JMAP has been published by the Internet Engineering Task Force (IETF).
Open Initiative for Process Specifications.
The open source community is collaborating to establish common specifications for secure software development based on open source best practices.
Standardizing Feature Flagging for Everyone.
OpenFeature is an open specification that provides a vendor-agnostic, community-driven API for feature flagging that works with your favorite feature flag management tool or in-house solution.
A specification for developer-centric application definition used in Cloud Native Applications.
The Compose Specification is a developer-focused standard for defining cloud and platform agnostic container-based applications.
OpenPubkey is an open source project that binds public keys and workload identities using standard SSO and OpenID Connect.
Use OpenPubkey today to SSH to machines on your network without SSH keys.
A proposed standard which allows websites to define security policies.
“When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.”
A protocol for peer-to-peer data stores. The best parts? Fine-grained permissions, a keen approach to privacy, destructive edits, and a dainty bandwidth and memory footprint.
A minimum security baseline for enterprise-ready products and services.
Minimum Viable Secure Product (MVSP) is a list of essential application security controls that should be implemented in enterprise-ready products and services. The controls are designed to be simple to implement and provide a good foundation for building secure and resilient systems and services. MVSP is based on the experience of contributors in enterprise application security and has been built with contributions from a range of companies.
The Green Standard Editing Protocol for Internet Publishing.
A set of rules and guidelines that can be used by humans and machines to determine whether a story is worth publishing, how to specifically improve the story’s content, and how to distribute the story with more reach and relevance.
Open Federation is a community-driven open source initiative to create and maintain a specification for federated GraphQL APIs. Be part of the future; let's craft together.
The penetration testing execution standard consists of seven (7) main sections.
These cover everything related to a penetration test - from the initial communication and reasoning behind a pentest, through the intelligence gathering and threat modeling phases where testers are working behind the scenes in order to get a better understanding of the tested organization, through vulnerability research, exploitation and post exploitation, where the technical security expertise of the testers comes into play and combines with the business understanding of the engagement, and finally to the reporting, which captures the entire process, in a manner that makes sense to the customer and provides the most value to it.
Evolving the Prometheus exposition format into a standard.
OpenMetrics is a specification built upon and carefully extending the Prometheus exposition format in almost 100% backwards-compatible ways.
Making the Network Visible.
sFlow® is an industry standard technology for monitoring high speed switched networks. It gives complete visibility into the use of networks enabling performance optimization, accounting/billing for usage, and defense against security threats.
Hydra simplifies the development of interoperable, hypermedia-driven Web APIs.
JSON for Linking Data.
Data is messy and disconnected. JSON-LD organizes and connects it, creating a better Web.
Filter your HTML the standards-compliant way!
HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.
HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.