archive mirror
 help / color / mirror / Atom feed
From: Amir Montazery <>
Subject: Coordinated Security Audit for git. Contacts needed
Date: Thu, 21 Jul 2022 11:49:51 -0500	[thread overview]
Message-ID: <> (raw)

Hello git maintainers,

The Open Source Technology Improvement Fund, Inc (
has put together a coalition of 18 security professionals and
researchers to conduct a holistic security review of git. The
objective of this email is to inform you of the effort and seek
collaboration.  We feel that the more we can engage and collaborate
with git maintainers, the more effective and impactful our security
review can be. An overview of the teams and work packages is as

Git Security Audit Work Packages:

Git source code review and threat modeling: This will be done by the
team at x41 d-sec with support from Gitlab reps.

Supply chain security / CI infrastructure review with Chainguard and
support from Gitlab.

A new setup of CodeQL for git with Xavier, Turbo and their team from Github.

We would love to collaborate to establish communication channels with
key maintainers. Would it be possible for one of us to join one of
your community meetings for 5 minutes? Or is there a key person we
should be engaging?

We thank you for maintaining a key and critical piece of software for
the open source community and beyond.

Thanks again,

Amir Montazery
Managing Director
Open Source Technology Improvement Fund

             reply	other threads:[~2022-07-21 16:50 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-21 16:49 Amir Montazery [this message]
2022-07-21 17:47 ` Coordinated Security Audit for git. Contacts needed Junio C Hamano
2022-07-21 18:06   ` Amir Montazery
2022-07-21 18:47     ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).