CINXE.COM

Security | The Eclipse Foundation

<!doctype html><html lang=en><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1"><title>Security | The Eclipse Foundation</title> <meta property="og:title" content="Security | The Eclipse Foundation"><meta name=twitter:title content="Security | The Eclipse Foundation"><meta name=description content="Security initiatives to ensure the integrity and reliability of the software our community creates and relies on."><meta property="og:description" content="Security initiatives to ensure the integrity and reliability of the software our community creates and relies on."><meta name=twitter:description content="Security initiatives to ensure the integrity and reliability of the software our community creates and relies on."><link href=/favicon.ico rel=icon type=image/x-icon><meta property="og:image" content="https://www.eclipse.org/images/logos/eclipse-foundation-400x400.png"><meta name=twitter:image content="https://www.eclipse.org/images/logos/eclipse-foundation-400x400.png"><meta name=twitter:card content="summary"><meta name=twitter:site content="@eclipsefdn"><meta name=twitter:creator content="@eclipsefdn"><meta property="og:url" content="https://www.eclipse.org/security/"><meta property="og:type" content="website"><meta property="og:site_name" content="Eclipse Foundation"><meta name=keywords content="OSS Security,Software Security,Report a Vulnerability"><meta name=generator content="Hugo 0.144.2"><link rel=canonical href=https://www.eclipse.org/security/><link rel=alternate href=/security/index.xml type=application/rss+xml title><link rel=stylesheet href="/public/css/styles.css?v=1743448706"><script>(function(e,t,n,s,o){e[s]=e[s]||[],e[s].push({"gtm.start":(new Date).getTime(),event:"gtm.js"});var a=t.getElementsByTagName(n)[0],i=t.createElement(n),r=s!="dataLayer"?"&l="+s:"";i.async=!0,i.src="https://www.googletagmanager.com/gtm.js?id="+o+r,a.parentNode.insertBefore(i,a)})(window,document,"script","dataLayer","GTM-5WLCZXC")</script><script>var tableClasses="table"</script><link href="https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap" rel=stylesheet type=text/css></head><body><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5WLCZXC" height=0 width=0 style=display:none;visibility:hidden></iframe></noscript><a class=sr-only href=#content>Skip to main content</a><header class="header-wrapper security-page" id=header><div class=header-toolbar><div class=container><div class=header-toolbar-row><div class="toolbar-btn toolbar-search-btn dropdown"><button class=dropdown-toggle id=toolbar-search type=button data-toggle=dropdown tabindex=0 aria-label=Search> <i class="fa fa-search fa-lg" aria-role=none></i></button><div class="toolbar-search-bar-wrapper dropdown-menu dropdown-menu-right" aria-labelledby=toolbar-search><form action=https://www.eclipse.org/home/search method=get><div class=search-bar><input class=search-bar-input name=q placeholder=Search> <button> <i class="fa fa-search" type=submit></i></button></div></form></div></div><div class="toolbar-btn toolbar-user-menu-btn dropdown"><button class=dropdown-toggle id=toolbar-user-menu type=button data-toggle=dropdown tabindex=0 aria-label="User Menu"> <i class="fa fa-user fa-lg"></i></button><ul class="toolbar-user-menu dropdown-menu dropdown-menu-right text-center" aria-labelledby=toolbar-user-menu><li><a href=https://accounts.eclipse.org/user><i class="fa fa-user"></i> View My Account</a></li><li><a href=https://accounts.eclipse.org/user/edit><i class="fa fa-edit"></i> Edit My Account</a></li><li><a class=toolbar-manage-cookies><i class="fa fa-wrench"></i> Manage Cookies</a></li></ul></div></div></div></div><div class=header-navbar-wrapper><div class=container><div class=header-navbar><div class=header-navbar-brand><a class=logo-wrapper href=/ title="Eclipse Foundation"><img src=https://www.eclipse.org/eclipse.org-common/themes/solstice/public/images/logo/eclipse-foundation-grey-orange.svg alt width=150></a></div><nav class=header-navbar-nav><ul class=header-navbar-nav-links><li class=navbar-nav-links-item><button class="nav-link-js btn-link link-unstyled" type=button aria-expanded=true data-menu-target=projects-menu> Projects</button></li><li class=navbar-nav-links-item><button class="nav-link-js btn-link link-unstyled" type=button aria-expanded=true data-menu-target=supporters-menu> Supporters</button></li><li class=navbar-nav-links-item><button class="nav-link-js btn-link link-unstyled" type=button aria-expanded=true data-menu-target=collaborations-menu> Collaborations</button></li><li class=navbar-nav-links-item><button class="nav-link-js btn-link link-unstyled" type=button aria-expanded=true data-menu-target=resources-menu> Resources</button></li><li class=navbar-nav-links-item><button class="nav-link-js btn-link link-unstyled" type=button aria-expanded=true data-menu-target=the-foundation-menu> The Foundation</button></li></ul></nav><div class=header-navbar-end><a class="header-navbar-end-download-btn btn btn-primary" href=/downloads/ id=download-now-top-nav-20250207><i class=fa aria-hidden=true></i> Download </a><button class=mobile-menu-btn aria-label="Toggle mobile navigation menu" aria-expanded=false> <i class="fa fa-bars fa-xl"></i></button></div></div></div></div><nav class="mobile-menu hidden" aria-expanded=false><ul><li class=mobile-menu-dropdown><a class="mobile-menu-item mobile-menu-dropdown-toggle" data-target=projects-menu><span>Projects</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu hidden" id=projects-menu><li class=mobile-menu-dropdown><a data-target=projects-technologies-sub-menu class="mobile-menu-item mobile-menu-dropdown-toggle" aria-expanded=false><span>Technologies</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu mobile-menu-links-menu hidden" id=projects-technologies-sub-menu><li><a class=mobile-menu-item href=https://www.eclipse.org/topics/ide/>Developer Tools & IDEs</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/topics/cloud-native/>Cloud Native</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/topics/edge-and-iot/>Edge & IoT</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/topics/automotive-and-mobility/>Automotive & Mobility</a></li></ul></div></li><li class=mobile-menu-dropdown><a data-target=projects-projects-sub-menu class="mobile-menu-item mobile-menu-dropdown-toggle" aria-expanded=false><span>Projects</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu mobile-menu-links-menu hidden" id=projects-projects-sub-menu><li><a class=mobile-menu-item href=https://projects.eclipse.org/>Project Finder</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/projects/project_activity.php>Project Activity</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/projects/resources/>Project Resources</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/specifications/>Specifications</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/contribute/>Contribute</a></li></ul></div></li></ul></div></li><li class=mobile-menu-dropdown><a class="mobile-menu-item mobile-menu-dropdown-toggle" data-target=supporters-menu><span>Supporters</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu hidden" id=supporters-menu><li class=mobile-menu-dropdown><a data-target=supporters-membership-sub-menu class="mobile-menu-item mobile-menu-dropdown-toggle" aria-expanded=false><span>Membership</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu mobile-menu-links-menu hidden" id=supporters-membership-sub-menu><li><a class=mobile-menu-item href=https://www.eclipse.org/membership/explore-membership/>Our Members</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/membership/>Member Benefits</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/membership/#tab-levels>Membership Levels & Fees</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/membership/#tab-membership>Membership Application</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/membership/#tab-resources>Member Resources</a></li><li><a class=mobile-menu-item href=https://membership.eclipse.org/portal>Member Portal</a></li></ul></div></li><li class=mobile-menu-dropdown><a data-target=supporters-sponsorship-sub-menu class="mobile-menu-item mobile-menu-dropdown-toggle" aria-expanded=false><span>Sponsorship</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu mobile-menu-links-menu hidden" id=supporters-sponsorship-sub-menu><li><a class=mobile-menu-item href=https://www.eclipse.org/sponsor/>Sponsor</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/sponsor/collaboration/>Sponsor a Collaboration</a></li></ul></div></li></ul></div></li><li class=mobile-menu-dropdown><a class="mobile-menu-item mobile-menu-dropdown-toggle" data-target=collaborations-menu><span>Collaborations</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu hidden" id=collaborations-menu><li class=mobile-menu-dropdown><a data-target=collaborations-industry-collaborations-sub-menu class="mobile-menu-item mobile-menu-dropdown-toggle" aria-expanded=false><span>Industry Collaborations</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu mobile-menu-links-menu hidden" id=collaborations-industry-collaborations-sub-menu><li><a class=mobile-menu-item href=https://www.eclipse.org/collaborations/>About Industry Collaborations</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/org/workinggroups/explore.php>Current Collaborations</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/org/workinggroups/about.php>About Working Groups</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/collaborations/interest-groups/>About Interest Groups</a></li></ul></div></li><li class=mobile-menu-dropdown><a data-target=collaborations-research-collaborations-sub-menu class="mobile-menu-item mobile-menu-dropdown-toggle" aria-expanded=false><span>Research Collaborations</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu mobile-menu-links-menu hidden" id=collaborations-research-collaborations-sub-menu><li><a class=mobile-menu-item href=https://www.eclipse.org/research/>Research @ Eclipse</a></li></ul></div></li></ul></div></li><li class=mobile-menu-dropdown><a class="mobile-menu-item mobile-menu-dropdown-toggle" data-target=resources-menu><span>Resources</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu hidden" id=resources-menu><li class=mobile-menu-dropdown><a data-target=resources-open-source-sub-menu class="mobile-menu-item mobile-menu-dropdown-toggle" aria-expanded=false><span>Open Source for Business</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu mobile-menu-links-menu hidden" id=resources-open-source-sub-menu><li><a class=mobile-menu-item href=https://www.eclipse.org/org/value/>Business Value of Open Source</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/os4biz/ospo/>Open Source Program Offices</a></li></ul></div></li><li class=mobile-menu-dropdown><a data-target=resources-happening-sub-menu class="mobile-menu-item mobile-menu-dropdown-toggle" aria-expanded=false><span>What's Happening</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu mobile-menu-links-menu hidden" id=resources-happening-sub-menu><li><a class=mobile-menu-item href=https://newsroom.eclipse.org/>News</a></li><li><a class=mobile-menu-item href=https://events.eclipse.org/>Events</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/community/eclipse_newsletter/>Newsletter</a></li><li><a class=mobile-menu-item href=https://newsroom.eclipse.org/news/press-releases>Press Releases</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/org/foundation/eclipseawards/>Awards & Recognition</a></li></ul></div></li><li class=mobile-menu-dropdown><a data-target=resources-developer-sub-menu class="mobile-menu-item mobile-menu-dropdown-toggle" aria-expanded=false><span>Developer Resources</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu mobile-menu-links-menu hidden" id=resources-developer-sub-menu><li><a class=mobile-menu-item href=https://eclipse.org/forums/>Forum</a></li><li><a class=mobile-menu-item href=https://accounts.eclipse.org/mailing-list>Mailing Lists</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/blogs-and-videos/>Blogs & Videos</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/resources/marketplaces/>Marketplaces</a></li></ul></div></li></ul></div></li><li class=mobile-menu-dropdown><a class="mobile-menu-item mobile-menu-dropdown-toggle" data-target=the-foundation-menu><span>The Foundation</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu hidden" id=the-foundation-menu><li class=mobile-menu-dropdown><a data-target=the-foundation-about-sub-menu class="mobile-menu-item mobile-menu-dropdown-toggle" aria-expanded=false><span>About</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu mobile-menu-links-menu hidden" id=the-foundation-about-sub-menu><li><a class=mobile-menu-item href=https://www.eclipse.org/org/>About the Eclipse Foundation</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/org/governance/>Board & Governance</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/org/foundation/staff.php>Staff</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/org/services/>Services</a></li></ul></div></li><li class=mobile-menu-dropdown><a data-target=the-foundation-legal-sub-menu class="mobile-menu-item mobile-menu-dropdown-toggle" aria-expanded=false><span>Legal</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu mobile-menu-links-menu hidden" id=the-foundation-legal-sub-menu><li><a class=mobile-menu-item href=https://www.eclipse.org/legal/>Legal Policies</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/legal/privacy/>Privacy Policy</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/legal/terms-of-use/>Terms of Use</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/legal/compliance/>Compliance</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/legal/epl-2.0/>Eclipse Public License</a></li></ul></div></li><li class=mobile-menu-dropdown><a data-target=the-foundation-more-sub-menu class="mobile-menu-item mobile-menu-dropdown-toggle" aria-expanded=false><span>More</span> <i class="fa fa-chevron-down" aria-hidden=true></i></a><div class=mobile-menu-sub-menu-wrapper><ul class="mobile-menu-sub-menu mobile-menu-links-menu hidden" id=the-foundation-more-sub-menu><li><a class=mobile-menu-item href=https://newsroom.eclipse.org/news/press-releases>Press Releases</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/careers/>Careers</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/org/artwork/>Logos & Artwork</a></li><li><a class=mobile-menu-item href=https://www.eclipse.org/org/foundation/contact.php>Contact Us</a></li></ul></div></li></ul></div></li></ul></nav><div class=eclipsefdn-mega-menu><div class="mega-menu-submenu container hidden" data-menu-id=projects-menu><div class=mega-menu-submenu-featured-story><p class=mega-menu-submenu-featured-story-heading>Projects</p><p class=mega-menu-submenu-featured-story-text>The Eclipse Foundation is home to the Eclipse IDE, Jakarta EE, and hundreds of open source projects, including runtimes, tools, specifications, and frameworks for cloud and edge applications, IoT, AI, automotive, systems engineering, open processor designs, and many others.</p></div><div class=mega-menu-submenu-links-section><div class=mega-menu-submenu-links><p class=menu-heading>Technologies</p><ul><li><a href=https://www.eclipse.org/topics/ide/>Developer Tools & IDEs</a></li><li><a href=https://www.eclipse.org/topics/cloud-native/>Cloud Native</a></li><li><a href=https://www.eclipse.org/topics/edge-and-iot/>Edge & IoT</a></li><li><a href=https://www.eclipse.org/topics/automotive-and-mobility/>Automotive & Mobility</a></li></ul></div><div class=mega-menu-submenu-links><p class=menu-heading>Projects</p><ul><li><a href=https://projects.eclipse.org/>Project Finder</a></li><li><a href=https://www.eclipse.org/projects/project_activity.php>Project Activity</a></li><li><a href=https://www.eclipse.org/projects/resources/>Project Resources</a></li><li><a href=https://www.eclipse.org/specifications/>Specifications</a></li><li><a href=https://www.eclipse.org/contribute/>Contribute</a></li></ul></div></div><div class=mega-menu-submenu-ad-wrapper><div class="eclipsefdn-mega-menu-promo-content mega-menu-promo-content" data-ad-format=ads_square data-ad-publish-to=eclipse_org_home></div></div></div><div class="mega-menu-submenu container hidden" data-menu-id=supporters-menu><div class=mega-menu-submenu-featured-story><p class=mega-menu-submenu-featured-story-heading>Supporters</p><p class=mega-menu-submenu-featured-story-text>The Eclipse Foundation is an international non-profit association supported by our members, including industry leaders who value open source as a key enabler for their business strategies.</p></div><div class=mega-menu-submenu-links-section><div class=mega-menu-submenu-links><p class=menu-heading>Membership</p><ul><li><a href=https://www.eclipse.org/membership/explore-membership/>Our Members</a></li><li><a href=https://www.eclipse.org/membership/>Member Benefits</a></li><li><a href=https://www.eclipse.org/membership/#tab-levels>Membership Levels & Fees</a></li><li><a href=https://www.eclipse.org/membership/#tab-membership>Membership Application</a></li><li><a href=https://www.eclipse.org/membership/#tab-resources>Member Resources</a></li><li><a href=https://membership.eclipse.org/portal>Member Portal</a></li></ul></div><div class=mega-menu-submenu-links><p class=menu-heading>Sponsorship</p><ul><li><a href=https://www.eclipse.org/sponsor/>Sponsor</a></li><li><a href=https://www.eclipse.org/sponsor/collaboration/>Sponsor a Collaboration</a></li></ul></div></div><div class=mega-menu-submenu-ad-wrapper><div class="eclipsefdn-mega-menu-promo-content mega-menu-promo-content" data-ad-format=ads_square data-ad-publish-to=eclipse_org_home></div></div></div><div class="mega-menu-submenu container hidden" data-menu-id=collaborations-menu><div class=mega-menu-submenu-featured-story><p class=mega-menu-submenu-featured-story-heading>Collaborations</p><p class=mega-menu-submenu-featured-story-text>Whether you intend on contributing to Eclipse technologies that are important to your product strategy, or simply want to explore a specific innovation area with like-minded organisations, the Eclipse Foundation is the open source home for industry collaboration.</p></div><div class=mega-menu-submenu-links-section><div class=mega-menu-submenu-links><p class=menu-heading>Industry Collaborations</p><ul><li><a href=https://www.eclipse.org/collaborations/>About Industry Collaborations</a></li><li><a href=https://www.eclipse.org/org/workinggroups/explore.php>Current Collaborations</a></li><li><a href=https://www.eclipse.org/org/workinggroups/about.php>About Working Groups</a></li><li><a href=https://www.eclipse.org/collaborations/interest-groups/>About Interest Groups</a></li></ul></div><div class=mega-menu-submenu-links><p class=menu-heading>Research Collaborations</p><ul><li><a href=https://www.eclipse.org/research/>Research @ Eclipse</a></li></ul></div></div><div class=mega-menu-submenu-ad-wrapper><div class="eclipsefdn-mega-menu-promo-content mega-menu-promo-content" data-ad-format=ads_square data-ad-publish-to=eclipse_org_home></div></div></div><div class="mega-menu-submenu container hidden" data-menu-id=resources-menu><div class=mega-menu-submenu-featured-story><p class=mega-menu-submenu-featured-story-heading>Resources</p><p class=mega-menu-submenu-featured-story-text>The Eclipse community consists of individual developers and organisations spanning many industries. Stay up to date on our open source community and find resources to support your journey.</p></div><div class=mega-menu-submenu-links-section><div class=mega-menu-submenu-links><p class=menu-heading>Open Source for Business</p><ul><li><a href=https://www.eclipse.org/org/value/>Business Value of Open Source</a></li><li><a href=https://www.eclipse.org/os4biz/ospo/>Open Source Program Offices</a></li></ul></div><div class=mega-menu-submenu-links><p class=menu-heading>What's Happening</p><ul><li><a href=https://newsroom.eclipse.org/>News</a></li><li><a href=https://events.eclipse.org/>Events</a></li><li><a href=https://www.eclipse.org/community/eclipse_newsletter/>Newsletter</a></li><li><a href=https://newsroom.eclipse.org/news/press-releases>Press Releases</a></li><li><a href=https://www.eclipse.org/org/foundation/eclipseawards/>Awards & Recognition</a></li></ul></div><div class=mega-menu-submenu-links><p class=menu-heading>Developer Resources</p><ul><li><a href=https://eclipse.org/forums/>Forum</a></li><li><a href=https://accounts.eclipse.org/mailing-list>Mailing Lists</a></li><li><a href=https://www.eclipse.org/blogs-and-videos/>Blogs & Videos</a></li><li><a href=https://www.eclipse.org/resources/marketplaces/>Marketplaces</a></li></ul></div></div><div class=mega-menu-submenu-ad-wrapper><div class="eclipsefdn-mega-menu-promo-content mega-menu-promo-content" data-ad-format=ads_square data-ad-publish-to=eclipse_org_home></div></div></div><div class="mega-menu-submenu container hidden" data-menu-id=the-foundation-menu><div class=mega-menu-submenu-featured-story><p class=mega-menu-submenu-featured-story-heading>The Foundation</p><p class=mega-menu-submenu-featured-story-text>The Eclipse Foundation provides our global community of individuals and organisations with a mature, scalable, and vendor-neutral environment for open source software collaboration and innovation.</p></div><div class=mega-menu-submenu-links-section><div class=mega-menu-submenu-links><p class=menu-heading>About</p><ul><li><a href=https://www.eclipse.org/org/>About the Eclipse Foundation</a></li><li><a href=https://www.eclipse.org/org/governance/>Board & Governance</a></li><li><a href=https://www.eclipse.org/org/foundation/staff.php>Staff</a></li><li><a href=https://www.eclipse.org/org/services/>Services</a></li></ul></div><div class=mega-menu-submenu-links><p class=menu-heading>Legal</p><ul><li><a href=https://www.eclipse.org/legal/>Legal Policies</a></li><li><a href=https://www.eclipse.org/legal/privacy/>Privacy Policy</a></li><li><a href=https://www.eclipse.org/legal/terms-of-use/>Terms of Use</a></li><li><a href=https://www.eclipse.org/legal/compliance/>Compliance</a></li><li><a href=https://www.eclipse.org/legal/epl-2.0/>Eclipse Public License</a></li></ul></div><div class=mega-menu-submenu-links><p class=menu-heading>More</p><ul><li><a href=https://newsroom.eclipse.org/news/press-releases>Press Releases</a></li><li><a href=https://www.eclipse.org/careers/>Careers</a></li><li><a href=https://www.eclipse.org/org/artwork/>Logos & Artwork</a></li><li><a href=https://www.eclipse.org/org/foundation/contact.php>Contact Us</a></li></ul></div></div><div class=mega-menu-submenu-ad-wrapper><div class="eclipsefdn-mega-menu-promo-content mega-menu-promo-content" data-ad-format=ads_square data-ad-publish-to=eclipse_org_home></div></div></div></div><div class="jumbotron featured-jumbotron featured-jumbotron-dark margin-bottom-0"><div class=container><div class=row><div class=col-xs-24><h1 class=featured-jumbotron-headline>Security at the Eclipse Foundation</h1><div class=featured-jumbotron-subtitle>Ensuring the Integrity and Reliability of Open Source Projects</div><div class=featured-jumbotron-end></div></div></div></div></div></header><main><div class="container-fluid security-page"><div class="default-breadcrumbs hidden-print" id=breadcrumb><div class=container><div class=row><div class=col-sm-24><ol aria-label=Breadcrumb class=breadcrumb><li><a href=https://www.eclipse.org/>Home</a></li><li class=active aria-current=page><a href=https://www.eclipse.org/security/>Security at the Eclipse Foundation</a></li></ol></div></div></div></div><div class="row padding-y-60"><div class=container><p>With over 425 open source projects and billions of downloads, it’s increasingly difficult for any Eclipse contributor to manage security best practices across their project and handle their dependencies appropriately. Through close collaboration and guidance for our community, the Eclipse Foundation makes it easier to mitigate risks in open source projects.</p><p>Transparency and trust are foundational and lead to an improved software security posture throughout the Eclipse community. Our security initiatives are designed to empower contributors with the knowledge and tools to manage OSS security risks effectively. This includes vulnerability management and reporting, project security support, best practices for repository management, developer training, self-service tools, and security advocacy.</p></div></div><section class="row bg-security-grid dark padding-y-60"><div class=container><div class="col-sm-9 hidden-xs"><img class="img-responsive margin-top-50" src=./images/vulnerability-laptop.png alt></div><div class="col-sm-12 col-sm-offset-3"><h2 id=report-a-vulnerability>Report a Vulnerability</h2><p>To report a security vulnerability in an Eclipse Foundation Project, first, check the project’s repository for a <code>SECURITY.md</code> file and follow its instructions. If none exist, you can email the Eclipse Foundation Security Team at <a href=mailto:security@eclipse-foundation.org>security@eclipse-foundation.org</a> or use the <a href="https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/new?issuable_template=new_vulnerability">dedicated issue tracker</a>. </p><p>For the principles under which the Eclipse Foundation manages the reporting, management, discussion, and disclosure of vulnerabilities discovered in Eclipse software, refer to the <a href=/security/policy/>Eclipse Foundation Vulnerability Reporting Policy</a>.</p><p>For more details on how we handle vulnerability reports, see the dedicated chapter in the
<a href=/projects/handbook/>Eclipse Project Handbook</a>.</p></div></div></section><section class="known-vulnerabilities-and-advisories-section row row-no-gutters padding-top-30 padding-bottom-10"><div class=container><h2 id=known-vulnerabilities-and-advisories>Known Vulnerabilities and Advisories</h2><p>Projects can communicate security information to users through security advisories. They describe a vulnerability (or a class of vulnerabilities) and the solutions to mitigate risks. They usually contain information on which product versions are affected and which contain a fix, including workarounds if available.</p><div class=col-sm-12><div class="row sharp-card sharp-card-carrot-orange text-white padding-x-20 padding-y-40 margin-10 match-height-item-by-row"><div class=col-sm-4><img class="img-responsive margin-x-auto" src=./images/known-vulnerabilities.png alt width=50></div><div class="col-sm-19 col-sm-offset-1">To see the vulnerabilities affecting Eclipse sites and Projects, refer to the <a href=/security/known/>Eclipse Known Vulnerabilities</a> page.</div></div></div><div class=col-sm-12><div class="row sharp-card sharp-card-carrot-orange text-white padding-x-20 padding-y-40 margin-10 match-height-item-by-row"><div class=col-sm-4><img class="img-responsive margin-x-auto" src=./images/advisories.png alt width=50></div><div class="col-sm-19 col-sm-offset-1">There is a dedicated section about security advisories in the <a href=https://github.com/eclipse-csi/security-handbook/blob/main/docs/vulnerabilities/advisories.md>Eclipse Security Handbook</a></div></div></div></div></section><section class="row row-no-gutters padding-top-20 padding-bottom-60"><div class=container><h2 id=key-services-and-benefits>Key Services and Benefits</h2><p>The Eclipse Foundation’s software security services ensure the integrity, authenticity, and compliance of Projects, empowering development teams with expert guidance, secure infrastructure, and essential training. By prioritising OSS security at every development stage, we help maintain the trustworthiness of our open source ecosystem, enabling projects to thrive while reducing risks and vulnerabilities.</p><div class=col-sm-12><div class="row sharp-card padding-x-20 padding-y-20 margin-10 match-height-item-by-row"><div class=col-sm-4><img class="img-responsive margin-x-auto margin-top-20" src=./images/vulnerability-management.png alt width=50></div><div class="col-sm-19 col-sm-offset-1"><h3 class="fs-4 fw-500">Vulnerability Management and Reporting<br>(PSIRT & CVE Assignment)</h3><p>Eclipse Foundation’s Project Security Incident Response Team (PSIRT) manages vulnerability reporting, triage, disclosure, and remediation, while also acting as a CVE Numbering Authority (CNA).</p></div></div></div><div class=col-sm-12><div class="row sharp-card padding-x-20 padding-y-20 margin-10 match-height-item-by-row"><div class=col-sm-4><img class="img-responsive margin-x-auto margin-top-20" src=./images/infra.png alt width=50></div><div class="col-sm-19 col-sm-offset-1"><h3 class="fs-4 fw-500">Repository Management and<br>Infrastructure Security</h3><p>Best practices in repository management through self-service tools and the management of overall infrastructure security.</p></div></div></div><div class=col-sm-12><div class="row sharp-card padding-x-20 padding-y-20 margin-10 match-height-item-by-row"><div class=col-sm-4><img class="img-responsive margin-x-auto margin-top-20" src=./images/protect.png alt width=50></div><div class="col-sm-19 col-sm-offset-1"><h3 class="fs-4 fw-500">Project Security Support</h3><p>Infrastructure support, OSS security audits, and guidance to help Projects improve their overall security posture.</p></div></div></div><div class=col-sm-12><div class="row sharp-card padding-x-20 padding-y-20 margin-10 match-height-item-by-row"><div class=col-sm-4><img class="img-responsive margin-x-auto margin-top-20" src=./images/code.png alt width=50></div><div class="col-sm-19 col-sm-offset-1"><h3 class="fs-4 fw-500">Code and Artifacts Signing</h3><p>Supports code and artifact signing to verify the authenticity and integrity of software releases.</p></div></div></div><div class=col-sm-12><div class="row sharp-card padding-x-20 padding-y-20 margin-10 match-height-item-by-row"><div class=col-sm-4><img class="img-responsive margin-x-auto margin-top-20" src=./images/advocacy.png alt width=50></div><div class="col-sm-19 col-sm-offset-1"><h3 class="fs-4 fw-500">Security Advocacy and Communication</h3><p>Provides both inward (to all contributors) and outward (to the general technical public) communication to raise awareness and guide security best practices and achievements.</p></div></div></div><div class=col-sm-12><div class="row sharp-card padding-x-20 padding-y-20 margin-10 match-height-item-by-row"><div class=col-sm-4><img class="img-responsive margin-x-auto margin-top-20" src=./images/training.png alt width=50></div><div class="col-sm-19 col-sm-offset-1"><h3 class="fs-4 fw-500">Developer Training</h3><p>Educational programs to help developers learn best practices, secure coding principles, and vulnerability management.</p></div></div></div></div></section><section class="row bg-security-grid dark padding-y-60"><div class=container><div class=col-sm-12><h2 id=about-the-eclipse-foundation-security-team>About the Eclipse Foundation<br>Security Team</h2><p>The Eclipse Foundation (EF) Security Team is the part of the Eclipse Management Organization (EMO) tasked with software security and vulnerability coordination and management on behalf of the Eclipse community. It is composed of a small number of security experts. </p><p>The EF Security Team does not resolve vulnerabilities; rather, they are addressed and resolved by a project's security team and committers with guidance and assistance from the EF Security Team. The EF Security team triages and redirects vulnerability reports to the appropriate project.</p></div><div class="col-lg-8 col-lg-offset-4 col-sm-12 margin-top-40"><div class=security-contact><img class=security-contact-bg src=./images/laptop.png alt><div class=security-contact-content><img class=security-contact-email-icon src=./images/email.png alt><div class=security-contact-text><p>Email the Eclipse Foundation<br>
 Security Team at<br><a href=mailto:security@eclipse-foundation.org>security@eclipse-foundation.org</a></p></div></div></div></div></div></section><section class="row padding-top-60 padding-bottom-40"><div class=container><div class=col-sm-8><h2 class=margin-bottom-30 id=insights-and-resources>Insights & Resources</h2></div><div class=col-sm-16><div class=newsroom-resources data-res-title data-res-type="case_study, white_paper, market_report, social_media_kit" data-res-template=cover data-res-limit=3 data-res-wg=security></div></div><div class="col-xs-24 margin-top-30"><div class=eclipsefdn-video-list data-playlist-ids=PLy7t4z5SYNaT7JN8FIVTGAy1QUnLTdv9R></div></div></div></section><section class="row row-no-gutters padding-bottom-60"><div class=container><h2 class=margin-bottom-30 id=related>Related Industry Collaborations and Projects</h2><ul class="related-list fs-lg"><li><a class="link-unstyled related-item" href=https://github.com/eclipse-csi/><img class=img-responsive src=./images/csi.png alt><p>Eclipse Common Security Infrastructure</p></a></li><li><a class="link-unstyled related-item" href=https://orcwg.org><img class=img-responsive src=./images/orc.png alt><p>Open Regulatory Compliance Working Group</p></a></li></ul></div></section><section class="row row-no-gutters padding-bottom-60"><div class=container><h2 id=news-and-events>News & Events</h2><div class="col-xs-24 col-sm-11 col-sm-offset-0 margin-top-20"><div class="feed-list feed-list-vertical feed-list-bordered news-section-container match-height-item"><div class="feed-actions feed-actions-ratio-3x5 news-section-action"><img class=feed-actions-img src=./images/news.jpg alt><div class=feed-actions-btns><button type=button class="btn btn-secondary" data-toggle=modal data-target=#subscription-modal> <i class="fa fa-rss margin-right-5" aria-hidden=true></i>Subscribe </button> <a class="btn btn-primary" href=/security/news/>View All</a></div></div><div class="news-items news-cards" id=news-list data-news-count=3 data-template-id=news-cards data-publish-target=security></div></div></div><div class="col-xs-24 col-sm-11 col-sm-offset-2 margin-top-20"><div class="events-feed-list feed-list feed-list-vertical feed-list-bordered match-height-item"><div class="feed-actions feed-actions-ratio-3x5 news-section-action"><img class=feed-actions-img src=./images/events.jpg alt><div class=feed-actions-btns><a class="btn btn-secondary" href=https://newsroom.eclipse.org/node/add/events>Submit an Event</a> <a class="btn btn-primary" href=/security/events/>View All</a></div></div><div class="events-list padding-20 h-100" id=events-list data-count=4 data-template-id=event-timeline data-publish-target=security data-upcoming=1><div class="events-container h-100" id=events-container></div></div></div></div></div></section><div class="modal fade" tabindex=-1 role=dialog id=subscription-modal aria-labelledby=subscription-modal-title><div class=modal-dialog role=document><div class=modal-content><div class="modal-body text-center"><button type=button class=close data-dismiss=modal aria-label=Close> <i class="fa fa-close" aria-hidden=true></i></button><h4 class="modal-title margin-bottom-40" id=subscription-modal-title>Subscribe to Updates from<br>our Security Team</h4><a class="btn btn-primary" href=https://newsroom.eclipse.org/rss/news/security/news.xml><i class="fa fa-rss margin-right-5" aria-hidden=true></i> Subscribe to News </a><a class="btn btn-primary" href=https://newsroom.eclipse.org/rss/news/security/announcements.xml><i class="fa fa-rss margin-right-5" aria-hidden=true></i> Subscribe to Announcements</a></div></div></div></div></div></main><div class="eclipsefdn-featured-footer featured-footer" id=featured-footer data-publish-target=eclipse_org><div class=container><div class=row><div class="col-sm-24 featured-container"></div></div></div></div><p id=back-to-top><a class=visible-xs href=#>Back to the top</a></p><footer class=footer id=footer><div class=container><div class="footer-end-social-container margin-bottom-30"><div class=footer-end-social><p class="footer-end-social-text hidden-xs">Follow Us:</p><ul class="footer-end-social-links list-inline"><li><a class=link-unstyled href=https://x.com/EclipseFdn title="X account"><span class=fa-stack><i class="fa-solid fa-circle fa-stack-2x" aria-hidden=true></i> <i class="fa-brands fa-x-twitter fa-stack-1x fa-inverse" aria-hidden=true></i> <span class=sr-only>X account</span></span></a></li><li><a class=link-unstyled href=https://bsky.app/profile/eclipsefdn.bsky.social title="Bluesky account"><span class=fa-stack><i class="fa-solid fa-circle fa-stack-2x" aria-hidden=true></i> <i class="fa-brands fa-bluesky fa-stack-1x fa-inverse" aria-hidden=true></i> <span class=sr-only>Bluesky account</span></span></a></li><li><a class=link-unstyled href=https://www.facebook.com/eclipse.org title="Facebook account"><span class=fa-stack><i class="fa-solid fa-circle fa-stack-2x" aria-hidden=true></i> <i class="fa-brands fa-facebook-f fa-stack-1x fa-inverse" aria-hidden=true></i> <span class=sr-only>Facebook account</span></span></a></li><li><a class=link-unstyled href=https://www.youtube.com/user/EclipseFdn title="Youtube account"><span class=fa-stack><i class="fa-solid fa-circle fa-stack-2x" aria-hidden=true></i> <i class="fa-brands fa-youtube fa-stack-1x fa-inverse" aria-hidden=true></i> <span class=sr-only>Youtube account</span></span></a></li><li><a class=link-unstyled href=https://www.linkedin.com/company/eclipse-foundation title="Linkedin account"><span class=fa-stack><i class="fa-solid fa-circle fa-stack-2x" aria-hidden=true></i> <i class="fa-brands fa-linkedin-in fa-stack-1x fa-inverse" aria-hidden=true></i> <span class=sr-only>Linkedin account</span></span></a></li></ul></div></div><div class="footer-sections row equal-height-md font-bold"><div class=col-md-15><div class=row><section id=footer-eclipse-foundation class="footer-section col-sm-8"><div class=menu-heading>Eclipse Foundation</div><ul class=nav><li><a href=https://www.eclipse.org/org/>About</a></li><li><a href=https://projects.eclipse.org/>Projects</a></li><li><a href=https://www.eclipse.org/collaborations/>Collaborations</a></li><li><a href=https://www.eclipse.org/membership/>Membership</a></li><li><a href=https://www.eclipse.org/sponsor/>Sponsor</a></li></ul></section><section id=footer-legal class="footer-section col-sm-8"><div class=menu-heading>Legal</div><ul class=nav><li><a href=https://www.eclipse.org/legal/privacy/>Privacy Policy</a></li><li><a href=https://www.eclipse.org/legal/terms-of-use/>Terms of Use</a></li><li><a href=https://www.eclipse.org/legal/compliance/>Compliance</a></li><li><a href=https://www.eclipse.org/org/documents/Community_Code_of_Conduct.php>Code of Conduct</a></li><li><a href=https://www.eclipse.org/legal/>Legal Resources</a></li><li><a class=toolbar-manage-cookies href=# onclick=event.preventDefault()>Manage Cookies</a></li></ul></section><section id=footer-more class="footer-section col-sm-8"><div class=menu-heading>More</div><ul class=nav><li><a href=https://www.eclipse.org/security/>Report a Vulnerability</a></li><li><a href=https://status.eclipse.org/>Service Status</a></li><li><a href=https://www.eclipse.org/org/foundation/contact.php>Contact Us</a></li><li><a href=https://www.eclipse.org/projects/support/>Support</a></li></ul></section></div></div><div id=footer-end class="footer-section col-md-8 col-md-offset-1 col-sm-24"><div class=footer-end-newsletter><form id=mc-embedded-subscribe-form action="https://eclipse.us6.list-manage.com/subscribe/post?u=eaf9e1f06f194eadc66788a85&amp;id=e7538485cd&amp;f_id=00f9c2e1f0" method=post novalidate target=_blank><label class=footer-end-newsletter-label for=email>Subscribe to our Newsletter</label><div class=footer-end-newsletter-input-wrapper><input class=footer-end-newsletter-input type=email id=email name=EMAIL autocomplete=email placeholder="Enter your email address"> <button class="footer-end-newsletter-submit btn btn-link" id=mc-embedded-subscribe type=submit name=subscribe> <i class="fa fa-solid fa-envelope fa-lg" aria-hidden=true></i></button></div></form></div></div></div><div class="col-sm-24 margin-top-20"><div class=row><div id=copyright class=col-md-16><p id=copyright-text>Copyright &copy; Eclipse Foundation AISBL. All Rights Reserved.</p></div></div></div><a href=# class=scrollup>Back to the top</a></div></footer><div id=footer-js><script src="/public/js/main.js?v1.0?v=1743448706"></script><script id=event-timeline type=text/html>{{#events.length}}<div class="timeline timeline-vertical timeline-opposite min-h-100">{{#events}} <a class="timeline-item link-unstyled" href={{infoLink}}><p class=event-title><strong>{{title}}</strong></p><p>{{date}}</p></a>{{/events}}</div>{{/events.length}} {{^events.length}}<p class=margin-0>No events at this time. Please check again later!</p>{{/events.length}}</script><script id=news-cards type=text/html><div class=feed-list-items>{{#news.length}} {{#news}} <a class="feed-item news-item-card link-unstyled" href={{link}}><div class=news-item-card-title>{{title}}</div><div class=news-item-card-date>{{date}}</div><div class=news-item-card-body>{{body}}</div></a>{{/news}} {{/news.length}} {{^news.length}}<div class="feed-item news-item-card"><p class=margin-0>No news at this time. Please check again later!</p></div>{{/news.length}}</div></script><script>(function(e){e("#events-list").eclipseFdnApi({type:"filteredEvents"}),e("#news-list").eclipseFdnApi({type:"newsItems"})})(jQuery,document)</script></div></body></html>

Pages: 1 2 3 4 5 6 7 8 9 10