Alpha-Omega

Congrats to FreeBSD on a very successful audit. When Alpha-Omega funds an audit we always hope that it will do more than just find vulnerabilities. When it works, an audit catalyzes a new awareness of security priorities in the organization. With the FreeBSD Foundation there was already a long tradition of security but as this audit showed, there's always work to be done. These paragraphs really made me happy: "Beyond discovering and fixing the vulnerabilities themselves, this code audit has also identified patterns and general classes for the vulnerabilities discovered. This helps the project engage with the committers to reduce the future incidence of similar vulnerabilities. "The FreeBSD Foundation recommends using the code audit findings to deliver developer education and training that create a security-conscious development mindset and to steward an Advisory Committee for security to materially support the FreeBSD Project in resourcing security-focused work." This is exactly the kind of lasting impact even a modest audit can have on an organization that primed and ready. The full audit is here: https://lnkd.in/ds9TJxHU It's well worth the read.

Congrats to the rustls team for a major performance milestone. In case you didn't know, rustls is a TLS library written in #rust. Memory safety and performance, pick two! This work is part of Internet Security Research Group (ISRG)'s memorysafety initiative and was supported by Alpha-Omega, the Sovereign Tech Fund, Google, Amazon Web Services (AWS), and Fly.io. https://lnkd.in/gQCbQABC #oss #supplychain #security

Congrats to the rustls team for a major performance milestone. In case you didn't know, rustls is a TLS library written in #rust. Memory safety and performance, pick two! This work is part of Internet Security Research Group (ISRG)'s memorysafety initiative and was supported by Alpha-Omega, the Sovereign Tech Fund, Google, Amazon Web Services (AWS), and Fly.io. https://lnkd.in/gQCbQABC #oss #supplychain #security

How effective are bug bounties in making open source critical infrastructure safer? Join us on the evening of 30 Sep 2024 in Berlin for the presentation of Dr. Ryan Ellis’ research and, a keynote by Sabine Grützmacher (MdB). An expert panel of Amir Montazery of Open Source Technology Improvement Fund, Inc (OSTIF), Yona Raekow of Federal Office for Information Security (BSI), Lars Francke of Stackable, and Dr. A?mad Berady from YesWeHack will also help us explore bug bounties, FOSS, security, and the public interest. Refreshments will be served! Event details & agenda: https://lnkd.in/e6Ef-X6p We’re reserving 30 spots for interested members of FOSS communities. If that’s you, sign up here: https://lnkd.in/evmcZGYK

?? Deb Nicholson from Python Software Foundation & Rebecca Rumbul from Rust Foundation discuss strategies for fostering good security hygiene and building consensus, while contrasting bottom-up vs. top-down approaches. #SOSSCommunity #OSSummit

?? Alpha-Omega talks about securing open source by scanning & repairing thousands of libraries at #OSSummit. Learn about how they tackles scaling, data handling, and unknown vulnerabilities. Join Michael Winser & Dr. Munawar Hafiz to learn more!#OSSSecurity

We are excited to announce the continuation of Seth Michael Larson's work in the Security Developer-in-Residence role through the end of 2024 thanks to continued support from Alpha-Omega OSS #python #security https://lnkd.in/grkWbCsv

Once again for the people in the back: Your software supply chain is not just the dependencies used to build your application. https://lnkd.in/eeYsYVfd

Join us this Thursday July 25 at 12pm ET virtually for a "How to get started in Open Source Software and Cybersecurity" during the OpenSSF DEI Working Group Community Office Hours! Our first session will be with industry experts Marcela Melara and myself. ?? Save the Date: July 25, 12pm ET This is a fantastic opportunity to: * Get insights on how to get started in open source security. * Connect with professionals and like-minded individuals. * Have your questions answered in real-time. Don't miss out on this chance to elevate your career in cybersecurity! See you there! ???? The community office hours would not be possible without the support from Dana Wang, Christopher Robinson, Jautau White, PhD, MBA, MS, Sally Cooper, Michael Scovetta, and many others! #OpenSource #CyberSecurity #Community #OfficeHours #OpenSSF #DEI #CareerDevelopment #TechEvents

I wrote about all the stuff I did at #PyConUS as Security Developer-in-Residence (with slides!) ????? #security #supplychain #supplychainsecurity #python #oss #opensource https://lnkd.in/gejcyeAx