Coordinated Security Audit for git. Contacts needed

git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed

From: Amir Montazery <amir@ostif.org>
To: git@vger.kernel.org
Subject: Coordinated Security Audit for git. Contacts needed
Date: Thu, 21 Jul 2022 11:49:51 -0500	[thread overview]
Message-ID: <CADKuG0uzh3syzgfiPLepiTLXNzkoYhLFX1h-DE3C7c8j6HXALQ@mail.gmail.com> (raw)

Hello git maintainers,

The Open Source Technology Improvement Fund, Inc (https://ostif.org)
has put together a coalition of 18 security professionals and
researchers to conduct a holistic security review of git. The
objective of this email is to inform you of the effort and seek
collaboration.  We feel that the more we can engage and collaborate
with git maintainers, the more effective and impactful our security
review can be. An overview of the teams and work packages is as
follows:

Git Security Audit Work Packages:

Git source code review and threat modeling: This will be done by the
team at x41 d-sec with support from Gitlab reps.

Supply chain security / CI infrastructure review with Chainguard and
support from Gitlab.

A new setup of CodeQL for git with Xavier, Turbo and their team from Github.

We would love to collaborate to establish communication channels with
key maintainers. Would it be possible for one of us to join one of
your community meetings for 5 minutes? Or is there a key person we
should be engaging?

We thank you for maintaining a key and critical piece of software for
the open source community and beyond.

Thanks again,
Amir

-- 
Amir Montazery
Managing Director
Open Source Technology Improvement Fund
https://ostif.org/
https://calendly.com/ostif

next             reply	other threads:[~2022-07-21 16:50 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-21 16:49 Amir Montazery [this message]
2022-07-21 17:47 ` Coordinated Security Audit for git. Contacts needed Junio C Hamano
2022-07-21 18:06   ` Amir Montazery
2022-07-21 18:47     ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CADKuG0uzh3syzgfiPLepiTLXNzkoYhLFX1h-DE3C7c8j6HXALQ@mail.gmail.com \
    --to=amir@ostif.org \
    --cc=git@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).