standard
We are uncovering a new way of building software by embracing AI, iteration, and human intuition.
The GDPR.txt file is a proposed standard which informs hosting providers about the personal data collected by software. It aims to simplify hosting providers' compliance with the General Data Protection Regulation (GDPR). Note that a GDPR.txt file is not enough to make your project GDPR compliant (but it will help).
Protect Payment Data with Industry-driven Security Standards, Training, and Programs.
Thread is a low-power and low-latency wireless mesh networking protocol built using open and proven standards. Thread solves the complexities of the IoT, addressing challenges such as interoperability, range, security, energy, and reliability. Thread networks have no single point of failure and include the ability to self-heal.
An Architectural Decision (AD) is a justified design choice that addresses a functional or non-functional requirement that is architecturally significant.
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate.
JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.
Architectural methodology for frontend projects.
Feature-Sliced Design (FSD) is an architectural methodology for scaffolding front-end applications. Simply put, it's a compilation of rules and conventions on organizing code. The main purpose of this methodology is to make the project more understandable and structured in the face of ever-changing business requirements.
Source: Architectures of modern Front-end applications @ BRACKETS' Medium.
Plus Codes are like street addresses for people or places that don’t have one. Instead of addresses with street names and numbers, Plus Codes are based on latitude and longitude, and displayed as numbers and letters. With a Plus Code, people can receive deliveries, access emergency and social services, or just help other people find them.
Content Security Policy Reference.
The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.
A framework for securing software update systems.
The Update Framework (TUF) maintains the security of software update systems, providing protection even against attackers that compromise the repository or signing keys. TUF provides a flexible framework and specification that developers can adopt into any software update system.
Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code.
The FinOps Open Cost and Usage Specification (FOCUS™) is an open-source specification that defines clear requirements for billing data generators to produce consistent cost and usage datasets.
A JavaScript browser API that allows the creation of a payment stream from the user agent to the website.
In an ideal world, I would wish SemVer to have 4 numbers: EPOCH.MAJOR.MINOR.PATCH. The EPOCH version is for those big announcements, while MAJOR is for technically incompatible API changes that might not be significant. This way, we can have a more granular way to communicate changes. Similarly, we also have Romantic Versioning that proposes HUMAN.MAJOR.MINOR.
SimpleFIN (also SFIN) stands for Simple Financial Interchange and makes read-only financial interchange simple. It’s like RSS for financial information.
SimpleFIN is like a window on a safe: it lets people look at, but not touch your financial information. And you control who can look through the window!
A specification for developer-centric application definition used in Cloud Native Applications
The Compose Specification is a developer-focused standard for defining cloud and platform agnostic container-based applications.
ForgeFed is a federation protocol for software forges and code collaboration tools for the software development lifecycle and ecosystem. This includes repository hosting websites, issue trackers, code review applications, and more. ForgeFed provides a common substrate for people to create interoperable code collaboration websites and applications.
OpenPubkey is an open source project that binds public keys and workload identities using standard SSO and OpenID Connect.
Use OpenPubkey today to SSH to machines on your network without SSH keys.
We are uncovering better ways of developing software by doing it and helping others do it.
Open Federation is a community-driven open source initiative to create and maintain a specification for federated GraphQL APIs. Be part of the future; let's craft together.
Publish presentation-rich content from a concise and comprehensive authoring format.
AsciiDoc is a plain text markup language for writing technical content. It’s packed with semantic elements and equipped with features to modularize and reuse content. AsciiDoc content can be composed using a text editor, managed in a version control system, and published to multiple output formats.
JSON for Linking Data. Data is messy and disconnected. JSON-LD organizes and connects it, creating a better Web.
Schema.org is a collaborative, community activity with a mission to create, maintain, and promote schemas for structured data on the Internet, on web pages, in email messages, and beyond.
Schema.org vocabulary can be used with many different encodings, including RDFa, Microdata and JSON-LD. These vocabularies cover entities, relationships between entities and actions, and can easily be extended through a well-documented extension model. Over 10 million sites use Schema.org to mark up their web pages and email messages. Many applications from Google, Microsoft, Pinterest, Yandex and others already use these vocabularies to power rich, extensible experiences.
Media over QUIC is a live media protocol powered by QUIC: a super-charged TCP/UDP replacement that powers HTTP/3. It’s being developed by the IETF and your favorite big tech companies such as Cloudflare, Google, Meta, Cisco, Akamai, etc.
Evolving the Prometheus exposition format into a standard.
OpenMetrics is a specification built upon and carefully extending the Prometheus exposition format in almost 100% backwards-compatible ways.
Podcasting 2.0 is making podcasting better for audiences, podcasters, and developers.
Podcasting 2.0 is a set of new features and standards that make podcasting better for everyone.
Podcasting 2.0 extends the RSS standard - the core technology that makes podcasting possible - to add new features. None of these features break any existing podcast feeds or podcast players, but, where supported, they enable podcasters to do more things, and enhance the experience for the audience.
CycloneDX Bill of Materials Standard.
CycloneDX is a modern standard for the software supply chain.
The International Standard for Bill of Materials (ECMA-424). The OWASP Foundation and Ecma International Technical Committee for Software & System Transparency (TC54) drive the continued advancement of the specification.
Filter your HTML the standards-compliant way!
HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.
HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.
Hydra simplifies the development of interoperable, hypermedia-driven Web APIs
A protocol for connecting any editor to any agent.
The Agent Client Protocol standardizes communication between code editors (IDEs, text-editors, etc.) and coding agents (programs that use generative AI to autonomously modify code).
Incrementally adoptable type-safety for your new and existing APIs. RPC-like client, contract, and server implementation for a pure REST API
ts-rest offers a simple way to define a contract for your API, which can be both consumed and implemented by your application, giving you end to end type safety without the hassle or code generation.
An open specification for enriching containers with development specific content and settings.
A Development Container (or Dev Container for short) allows you to use a container as a full-featured development environment. It can be used to run an application, to separate tools, libraries, or runtimes needed for working with a codebase, and to aid in continuous integration and testing. Dev containers can be run locally or remotely, in a private or public cloud.
This page describes the JSON Lines text format, also called newline-delimited JSON. JSON Lines is a convenient format for storing structured data that may be processed one record at a time. It works well with unix-style text processing tools and shell pipelines. It's a great format for log files. It's also a flexible format for passing messages between cooperating processes.
Making the Network Visible.
sFlow® is an industry standard technology for monitoring high speed switched networks. It gives complete visibility into the use of networks enabling performance optimization, accounting/billing for usage, and defense against security threats.
Resumable file uploads.
tus is the open protocol standard for resumable and reliable file uploads across the web, facilitating efficient and seamless file transfer experiences.
A high performance, open source universal RPC framework. gRPC is a modern open source high performance Remote Procedure Call (RPC) framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in the last mile of distributed computing to connect devices, mobile applications and browsers to backend services.
Various specifications specify files and file formats. This specification defines where these files should be looked for by defining one or more base directories relative to which files should be located.
A proposal to standardise on using an /llms.txt file to provide information to help LLMs use a website at inference time.
We propose adding a /llms.txt markdown file to websites to provide LLM-friendly content. This file offers brief background information, guidance, and links to detailed markdown files.
llms.txt markdown is human and LLM readable, but is also in a precise format allowing fixed processing methods (i.e. classical programming techniques such as parsers and regex).
Become a leader in email innovation. JMAP is the developer-friendly, open API standard for modern mail clients and applications to manage email faster.
It’s official! JMAP has been published by the Internet Engineering Task Force (IETF).
Supply-chain Levels for Software Artifacts, or SLSA ("salsa").
SLSA is a specification for describing and incrementally improving supply chain security, established by industry consensus. It is organized into a series of levels that describe increasing security guarantees.
It’s a security framework, a checklist of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure. It’s how you get from "safe enough" to being as resilient as possible, at any link in the chain.
A 💌 to the humans maintaining computer configurations.
KSON combines the best aspects of JSON and YAML—robust and efficient like JSON, clean and readable like YAML. KSON is designed to be toolable and has a flexible syntax that is usually auto-formatted to look like this:
Open Initiative for Process Specifications.
The open source community is collaborating to establish common specifications for secure software development based on open source best practices.
An open protocol enabling communication and interoperability between opaque agentic applications.
One of the biggest challenges in enterprise AI adoption is getting agents built on different frameworks and vendors to work together. That’s why we created an open Agent2Agent (A2A) protocol, a collaborative way to help agents across different ecosystems communicate with each other.
I think all technical writers, at some point or another, feel the urge to base their work on something more systematic than “it’s just the way folks documented stuff since forever”. Toolkits and frameworks provide content types, which is immensely valuable when you know what you want to write, but starting from there is like buying a hammer without knowing that half of the work you’ll do is turning screws. As I find the lack of deeper conversation around this topic rather unsettling, I decided to contribute some verses.
Given a version number MAJOR.MINOR.PATCH, increment the:
MAJOR version when you make incompatible API changes,
MINOR version when you add functionality in a backwards compatible manner, and
PATCH version when you make backwards compatible bug fixes.
Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
Software Sharing for Modern Businesses.
Engage the developer community with your company's core software products. Fair Source Software (FSS):
- is publicly available to read;
- allows use, modification, and redistribution with minimal restrictions to protect the producer’s business model; and
- undergoes delayed Open Source publication (DOSP).
The intention is for the first point to be a bright line, and for the second to invite exploration. We expect Fair Source licenses to emerge and evolve and shake out into a few clear winners over time, as companies apply Fair Source within their own particular business context.
The penetration testing execution standard consists of seven (7) main sections.
These cover everything related to a penetration test - from the initial communication and reasoning behind a pentest, through the intelligence gathering and threat modeling phases where testers are working behind the scenes in order to get a better understanding of the tested organization, through vulnerability research, exploitation and post exploitation, where the technical security expertise of the testers comes into play and combines with the business understanding of the engagement, and finally to the reporting, which captures the entire process, in a manner that makes sense to the customer and provides the most value to it.
A novice wanted to learn the Tao of Backup. The master said: To become enlightened, you must master the seven heads of Backup. He who knows the heads will keep all his data forever.
A simple measure of software dependency freshness. It is a single number telling you how up-to-date your dependencies are.
Welcome to the open source Citation Style Language (CSL) project! Our goal is to facilitate scholarly publishing by automating the formatting of citations and bibliographies. We develop the Citation Style Language and maintain a crowdsourced repository with over 10,000 free CSL citation styles.
This document defines a "problem detail" as a way to carry machine-readable details of errors in an HTTP response to avoid the need to define new error response formats for HTTP APIs.
A minimum security baseline for enterprise-ready products and services.
Minimum Viable Secure Product (MVSP) is a list of essential application security controls that should be implemented in enterprise-ready products and services. The controls are designed to be simple to implement and provide a good foundation for building secure and resilient systems and services. MVSP is based on the experience of contributors in enterprise application security and has been built with contributions from a range of companies.
A standard Business Process Model and Notation (BPMN) will provide businesses with the capability of understanding their internal business procedures in a graphical notation and will give organizations the ability to communicate these procedures in a standard manner. Furthermore, the graphical notation will facilitate the understanding of the performance collaborations and business transactions between the organizations. This will ensure that businesses will understand themselves and participants in their business and will enable organizations to adjust to new internal and B2B business circumstances quickly.
YAML is a human-friendly data serialization language for all programming languages.
MessagePack is an extremely efficient object serialization library. It's like JSON, but very fast and small.
It's like JSON, but fast and small. MessagePack is an efficient binary serialization format. It lets you exchange data among multiple languages like JSON. But it's faster and smaller. Small integers are encoded into a single byte, and typical short strings require only one extra byte in addition to the strings themselves.
JSON for Humans.
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). It is not intended to be used for machine-to-machine communication. (Keep using JSON or other file formats for that. 🙂)
GeoJSON is a format for encoding a variety of geographic data structures.
GeoJSON supports the following geometry types: Point, LineString, Polygon, MultiPoint, MultiLineString, and MultiPolygon. Geometric objects with additional properties are Feature objects. Sets of features are contained by FeatureCollection objects.
An open source program office (OSPO) serves as the center of competency for an organization's open source operations and structure. It is responsible for defining and implementing strategies and policies to guide these efforts.
Patch codes are a set of 6 distinct barcode patterns (1, 2, 3, 4, 6 and T) that are typically used as document separators when scanning.
A specification for building APIs in JSON.
Documentation for the application/vnd.api+json media type, a specification for APIs that use JSON.
If you’ve ever argued with your team about the way your JSON responses should be formatted, JSON:API can help you stop the bikeshedding and focus on what matters: your application. By following shared conventions, you can increase productivity, take advantage of generalized tooling and best practices. Clients built around JSON:API are able to take advantage of its features around efficiently caching responses, sometimes eliminating network requests entirely.