Announcing Elixir OpenChain ISO/IEC 5230 Certification

Here’s what I’d focus on as a library maintainer who wants to strengthen their security posture:

  • Make sure your accounts are locked down: Enable two-factor authentication (2FA) wherever possible.
  • Carefully vet your contributors: Know who’s contributing and have clear guidelines for reviews and approvals.
  • Set up a clear security policy: One good reference is the EEF Vulnerability Disclosure Guide. A policy helps everyone know how to handle issues responsibly.
  • Check out the OpenSSF tools:

We’re also working on / preparing a lot more, like becoming a CVE Numbering Authority, implementing build provenance (SLSA), trusted publishing, and improved SBoM generation. I’ll post updates once we have something concrete to share.

If you’re into these topics, I really encourage you to hop on one of our EEF security WG calls. We talk about all these initiatives there and always welcome more input!

16 Likes