Nix ecosystem supply chain security

Reinforcing the security framework of an open source build and configuration management system across the full software development life cycle

This is one of nine FOSS teams selected for the first round of the STF Contribute Back Challenges. It is in the Securing FOSS Software Production area.

Nix is an open source build system, configuration management system, and mechanism for deploying software, focused on reproducibility. With Nixpkgs and NixOS it supports the largest, most up-to-date free software repository in the world. Reinforcing the project’s security framework across the full software development life cycle provides safer defaults for users and eases industry adoption.

Round 1 Summary

Each participating team submitted a final report and included a portion to be published.

The NixOS project now has all pieces of the puzzle to offer security features superior to most other Linux distributions and at least on par with commercial offers, while preserving the ease and freedom of customisation NixOS has always been known for.

Completing this project has shifted our concern from purely remediation to prevention of security incidents.
With the proper tooling in place, we can now tap into the collective energy and intellect of thousands of contributors to solve ever larger problems within and outside of our growing and maturing community.

