[zeromq-dev] Free security help from Google and Open Source Technology Improvement Fund, Inc

Luca Boccassi luca.boccassi at gmail.com
Wed Oct 19 20:38:33 CEST 2022


Thanks, existing fuzzers are the *_fuzzer.cpp files at:
https://github.com/zeromq/libzmq/tree/master/tests

On Wed, 19 Oct 2022 at 16:04, Amir Montazery <amir at ostif.org> wrote:

> Of course, that is understandable. Thank you all for maintaining such an
> important project despite your busy schedules! I hope we can find a way to
> help make your lives easier.
>
> What we can contribute is a security review by an experienced team to
> assess general design review; code quality, defensive programming, and best
> practices, as well as opportunities to improve fuzzing. Additional fuzzers
> can be built and the team can integrate the project to oss-fuzz for
> continuous monitoring of security issues. Based on our experience, when
> security teams have a line of contact with the project maintainers, they
> can be guided and better utilized to help.
>
> I'm fairly certain that we can provide new fuzzers/test cases and will get
> more specific details for you on that.
>
> Thank you!
> Amir
>
> On Tue, Oct 18, 2022 at 3:26 PM Luca Boccassi <luca.boccassi at gmail.com>
> wrote:
>
>> Hi,
>>
>> Thanks for the offer, but let's continue via mail please, we are all very
>> busy as-is.
>>
>> What can you contribute, concretely? I have already set up fuzzing some
>> time ago. Can you provide new fuzzers/test cases? If so that would be
>> great, just send pull requests to the repository.
>>
>> On Wed, 12 Oct 2022 at 13:10, Amir Montazery <amir at ostif.org> wrote:
>>
>>> We can help with whatever the project needs. The intention is to connect
>>> the project maintainer(s)/contributor(s) with our security team (made up of
>>> security experts and Google Open Source Security engineers) to help where
>>> the project needs it most. We can help with bug fixes, security tooling i.e.
>>> fuzzing and developing fuzzers for the project, CI/CD, and anything else
>>> that will help zeromq be more secure!
>>>
>>> Thankfully we have resources to help and are able to compensate
>>> maintainer(s) who participate in the engagement to show our gratitude for
>>> your time and efforts.
>>>
>>> I'd be happy to set up a quick introductory call with anyone interested
>>> in learning more.
>>>
>>> Thank you and have a great day!
>>> Amir
>>>
>>> On Tue, Oct 11, 2022 at 10:05 PM Luca Boccassi <luca.boccassi at gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> What kind of support are you able to provide?
>>>>
>>>> On Tue, 11 Oct 2022 at 14:30, Amir Montazery <amir at ostif.org> wrote:
>>>>
>>>>> Yes, I meant zeromq. Thank you Arnaud! That is my mistake.
>>>>>
>>>>> That’s great news, we have teams ready to help. Would you be a good
>>>>> person to coordinate that with? If anyone else comes to mind to include
>>>>> please let me know!
>>>>>
>>>>> I would be happy to set up a quick call to meet and discuss how we can
>>>>> best be of service to the zeromq project.
>>>>>
>>>>> Thank you,
>>>>> Amir
>>>>>
>>>>> On Tue, Oct 11, 2022 at 1:22 PM Arnaud Loonstra <arnaud at sphaero.org>
>>>>> wrote:
>>>>>
>>>>>> Are you sure you are on the right list? This is the zeromq list, not
>>>>>> dnsmasq.
>>>>>>
>>>>>> We'd appreciate any help for sure!
>>>>>>
>>>>>> Rg,
>>>>>>
>>>>>> Arnaud
>>>>>>
>>>>>> On 07-10-2022 21:46, Amir Montazery wrote:
>>>>>> > Hello dnsmasq community! OSTIF would like to help improve your security
>>>>>> > posture!
>>>>>> >
>>>>>> > I’m Amir from Open Source Technology Improvement Fund, Inc. OSTIF
>>>>>> > <https://ostif.org/> is a nonprofit solely dedicated to helping open
>>>>>> > source projects improve their security for free.
>>>>>> >
>>>>>> > We are working with a team of Google engineers and security experts to
>>>>>> > help important open source projects like dnsmasq. This includes helping
>>>>>> > improve testing, reviewing code, implementing more security tools, and
>>>>>> > improving supply chain security.
>>>>>> >
>>>>>> > Additionally, we understand the time constraints that open source
>>>>>> > contributors have, and would like to compensate contributors for their
>>>>>> > time working with us.
>>>>>> >
>>>>>> > We would love to work with you! Please let me know who we should be
>>>>>> > talking to and how we can help!
>>>>>> >
>>>>>> > Thank you in advance for your consideration!
>>>>>> >
>>>>>> > Best,
>>>>>> >
>>>>>> > Amir
>>>>>> >
>>>>>> >
>>>>>> > --
>>>>>> > *Amir Montazery*
>>>>>> > Managing Director
>>>>>> > Open Source Technology Improvement Fund
>>>>>> > https://ostif.org/ <https://ostif.org/>
>>>>>> > https://calendly.com/ostif <https://calendly.com/ostif>
>>>>>> >
>>>>>> >
>>>>>> > _______________________________________________
>>>>>> > zeromq-dev mailing list
>>>>>> > zeromq-dev at lists.zeromq.org
>>>>>> > https://lists.zeromq.org/mailman/listinfo/zeromq-dev