New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Commission security audits ahead of General Availability #31

Open

gnarea opened this issue Dec 1, 2021 · 1 comment

Projects

General Availability

Member

gnarea commented Dec 1, 2021 •

edited

Apart from our own libraries, apps and cloud infrastructure, we should try to get the following third-party dependencies audited too:

PKI.js (at least Certificate, EnvelopedData, SignedData and their internal dependencies).
@peculiar/webcrypto and webcrypto-core (at least the algorithms we use).
asn1js.
@stablelib/aes-kw (used in Electron apps only)

See: https://www.opentech.fund/labs/red-team-lab/

The text was updated successfully, but these errors were encountered:

gnarea added this to To do in General Availability via automation

gnarea moved this from To do to In progress in General Availability

Member Author

gnarea commented Jan 4, 2024

The request has been approved and work will begin Feb 2024 (next month).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment