From: Amir Montazery <firstname.lastname@example.org>
Subject: Coordinated Security Audit for git. Contacts needed
Date: Thu, 21 Jul 2022 11:49:51 -0500
Message-ID: <CADKuG0uzh3syzgfiPLepiTLXNzkoYhLFX1h-DE3C7c8j6HXALQ@mail.gmail.com>

Hello git maintainers,

The Open Source Technology Improvement Fund, Inc (https://ostif.org)
has put together a coalition of 18 security professionals and
researchers to conduct a holistic security review of git. The
objective of this email is to inform you of the effort and seek
collaboration. We feel that the more we can engage and collaborate
with git maintainers, the more effective and impactful our security
review can be. An overview of the teams and work packages is as

Git Security Audit Work Packages:

Git source code review and threat modeling: This will be done by the
team at x41 d-sec with support from Gitlab reps.

Supply chain security / CI infrastructure review with Chainguard and
support from Gitlab.

A new setup of CodeQL for git with Xavier, Turbo and their team from Github.

We would love to collaborate to establish communication channels with
key maintainers. Would it be possible for one of us to join one of
your community meetings for 5 minutes? Or is there a key person we
should be engaging?

We thank you for maintaining a key and critical piece of software for
the open source community and beyond.

Open Source Technology Improvement Fund