Thanks for sharing.
This is exciting news and I'm happy to see this!

On Tue, Nov 7, 2023 at 10:40 AM Jarek Potiuk <ja...@potiuk.com> wrote:

> Hello everyone,
>
> I wanted to share some news (not so much news for us but - it's just now
> reached publication stage) that we have nice security / release process
> improvements on-going in Apache Airflow - with several  months of work
> funded by the Sovereign Tech Fund - German government backed fund that aims
> to improve Open Source software.
>
> You can read a nice blog post we wrote with Pierre at the ASF blog about it
> [1] and  social media posts are following.
>
> In-short - several of us banded together and applied to the Sovereign Tech
> Fund as a group of individuals who committed to working on improving
> Airflow security. And we've got the grant for it. You should see
> the efforts coming from those individuals - we are much more focused on the
> Security improvements for the last few months and upcoming few months.
>
> You will see results of it by more security advisories but also by
> improvements in our processes and some more automation, we are generally
> preparing for the future where software development will be more regulated
> in terms of security - both EU and US are very advanced in passing new
> regulations that will affect all kind of software - including open-source
> software and we want to be ahead of the game, not only following but also
> setting the standards for the industry.
>
> The importance of Airflow has been recognized - we've been selected by STF
> as one of 10 most important projects they decided to fund (and they had
> many, many applications).
>
> Security is something that has been pretty close to my heart for quite some
> time and we've already started to rethink our security approach before
> that. We formed quite a bit more focused security team earlier this year -
> which resulted in improving our security policy [2] , Security model [3]
> and more formal and organizer approach to our Security team [4].  But with
> the STF funding we can double-down on the efforts and spend much more time
> and focus by several of us to improve and iterate over processes and tools
> we are using.
>
> Stay tuned for more security related news from Airflow.
>
> [1]
>
> https://news.apache.org/foundation/entry/strengthening-security-for-apache-airflow
> [2] https://github.com/apache/airflow/security/policy
> [3]
>
> https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html
> [4]
> https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst#security-team
>

Reply via email to