Foundations#
Center for Internet Security (CIS)
The Center for Internet Security (CIS) is a 501©(3) organization is dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. CIS’s Mission is to: Identify, develop, validate, promote, and sustain best practices in cybersecurity; Deliver world-class security solutions to prevent and rapidly respond to cyber incidents; and Build and lead communities to enable an environment of trust in cyberspace.
CA/Browser Forum
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).
Global Encryption Coalition
The Global Encryption Coalition promotes and defends encryption in key countries and multilateral fora where it is under threat. The foundation also provides crucial resources to learn more on encryption.
IDPro Body of Knowledge
The IDPro Body of Knowledge is a compilation of IAM crucial up-to-date knowledge. This content is created and reviewed by the IAM professionals. All articles are peer reviewed. Within this resource you can find an ‘IAM Reference Architecture’, articles on ‘Authentication and Authorization’ and more content regarding IAM (Identity and Access Management).
Open Source Technology Improvement Fund
The Open Source Technology Improvement Fund is a corporate non-profit dedicated to securing open source apps that we all depend on. Securing software isn’t easy, and we know what it takes to succeed. By facilitating security audits and reviews, OSTIF makes it easy for projects to significantly improve security.
Open Source Security Foundation
Part of the Linux Foundation. The OpenSSF is the host for several large projects that focus on improving FOSS security.
The Cyber Security Body Of Knowledge
A comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector. A great collection of resources that cover all aspects of cyber security.
The Shadowserver Foundation
Since our founding in 2004, The Shadowserver Foundation has become one of the world’s leading resources for Internet security reporting and malicious activity investigation. When we started, we were staffed entirely by volunteers. Today, we employ a full-time team and maintain a global infrastructure spanning 80 countries. Shadowserver scans the entire IPv4 Internet for over 100 different network protocols every day, and also performs IPv6 scans based on IPv6 hitlists for selected protocols. These are “hello” type port scans that do not exploit any vulnerability. Check the daily dashboard provided by this foundation.
Trusted CI
The Trusted CI Framework is a minimum standard for cybersecurity programs. The mission of Trusted CI Foundation is to improve the cybersecurity of NSF computational science and engineering projects, while allowing those projects to focus on their science endeavors. This foundation provides great templates and tools ready to use!
Objective-See Foundation
Foundation focusses on free, open-source macOS security tools. And is known for organising the macOS security conference, “Objective by the Sea” (#OBTS).
OpenChain Project
Linux Foundation project. The OpenChain Project is focused on commercial and non-commercial open source process management in the supply chain. Maintains OpenChain ISO/IEC 5230 and OpenChain ISO/IEC DIS 18974 These ISO/IEC standards are at no cost available using this link.
OpenSCAP
The OpenSCAP project provides tools to improve security of your infrastructure using open source tools. This project is founded by RedHat and the tools are NIST certified. Use of the tools is encouraged if your systems or infrastructure needs to meet NIST (or other US) security standards.
Open Source IT Risk Management
Focuses on the Security Officers and on helping them in doing their daily business as comfortable as possible. The main goals of SOMAP.org are to develop and maintain: - Guides and Handbooks explaining and describing Risk Management. - an open and free ‘best practice’ Risk Model Repository with security objectives, threats and other risk related meta-data.
The OpenChain Project
A Linux Foundation project. The OpenChain Project is solely focused on commercial and non-commercial open source process management in the supply chain. Lots of resources and cc-by or cc0 licensed. Also the ISO/IEC 5230 developed by this project is available.
Trusted CI
Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities and have an established track record of usable, high-quality solutions suited to the needs of those communities. The team draws from best operational practices and includes leaders in the research and development of new methodologies and high-quality implementations. Trusted CI offers a great collection of valuable resources to help cybersecurity professionals. Almost all content is open and published under a Creative Commons Attribution-NonCommercial 3.0 Unported (CC BYNC 3.0) license.
Security Research Legal Defense Fund
We aim to help fund legal representation for persons who face legal issues due to good faith security research and vulnerability disclosure in cases that would advance cybersecurity for the public interest.
FIRST
FIRST is the premier organization and recognized global leader in incident response.
Global Encryption Coalition
The Global Encryption Coalition promotes and defends encryption in key countries and multilateral fora where it is under threat. The foundation also provides crucial resources to learn more on encryption.
Memory Safety
Prossimo is an Internet Security Research Group (ISRG) project.
Internet Security Research Group
Our mission is to protect Internet users by lowering monetary, technological, and informational barriers to a more secure and privacy-respecting Internet.
Spamhaus Project
Spamhaus Project is the authority on IP and domain reputation.