Open Source
The number of Free/Libre and Open Source Software (FLOSS) projects is increasing every year, and the community aims to maintain high-quality code, documentation, and testing and, of course, a high level of security. Samsung, as one of the world leaders in software (S/W) development and an active participant in the Open Source community, shares these principles and through its example inspires the community to adopt a standardized approach to S/W development.
The Linux Foundation (LF), in collaboration with major IT companies in its Core Infrastructure Initiative (CII), has collected best practices for FLOSS projects and published these criteria as the CII Best Practices [1].
As one of the LF members, Samsung uses Best Practices and shares its experience to improve them.
By looking at the logos, you will recognize many of the products that surround you; their success has depended in part on the use of best development practices. If your product logo is not yet among them, then you need to apply Best Practices. This of course does not guarantee success, but we can say for sure that it will bring you closer to it!
In December 2020, the Samsung Open Source Home Edge project team set itself the goal of getting a CII Best Practices passing badge. We are happy to announce that in March 2021 our goal was achieved: CII Best Practices “passing” badge [2].
These three months were not difficult and the results were amazing.
Benefits achieved on the way to getting the CII Best Practices passing badge:
- Improved documentation:
  - Security and Testing policy
  - How to Contribute guide
  - Descriptions of external APIs
- Improved the build and testing system:
  - CI infrastructure: GitHub Actions, 20 checks
- Integrated external software tools for code analysis:
  - gofmt: 92%
  - go_vet: 100%
  - golint: 76%
  - SonarCloud: Security Hotspots 37 -> 0; Code Smells 253 -> 50; Duplications 7.8% -> 2.3%
- Improved security analysis:
  - Integrated CodeQL Analysis and LGTM services: Security Alerts 17 -> 0
We have reached a high level of code quality, but not all warnings have been fixed yet and we continue to improve our code!
Improving the LF Home Edge project [3] infrastructure (using many tools for analyzing code and searching for vulnerabilities) allowed us to increase not only the level of security but also the reliability of our product. We hope that improving the documentation will reduce the time needed to join the project and therefore increase the number of external developers participating in it; their advice and input are very important to us.
It should be noted that there were many areas of self-development for the members of the project team: developers became testers, technical writers, and security officers. This was a wonderful experience for us.
Next steps of the Home Edge team:
- Further improving the LF Home Edge project and achieving the “silver” and “gold” badges.
- Implementing OpenSSF [4] secure code development practices in LF Home Edge. Special attention should be paid to the Secure Scorecards project for automated analysis.
Samsung is working with several open source foundations and leading companies around the world to deliver secure, high-quality software that many developers and companies can trust and use. If you are interested in Samsung Open Source, please visit the official site [5].
[1] “CII Best Practices”, [Online]. Available: https://bestpractices.coreinfrastructure.org/en
[2] “CII Best Practices “passing” badge”, [Online]. Available: https://bestpractices.coreinfrastructure.org/projects/4336
[3] “LF Home Edge Orchestration project”, [Online]. Available: https://github.com/lf-edge/edge-home-orchestration-go
[4] “OpenSSF”, [Online]. Available: https://openssf.org/
[5] “Samsung Open Source”, [Online]. Available: https://opensource.samsung.com/