23
Are there any organisations that audit FOSS code? (lemmy.ml)
submitted 1 week ago by gwilikers@lemmy.ml to c/foss@beehaw.org
5 comments fedilink hide all child comments

I'm sure there are orgs that audit FOSS code for security and privacy. Could you guys let me know what some of the main orgs that do this? Do you have any ones you like in particular.

top 5 comments
sorted by: hot top controversial new old
[-] CameronDev@programming.dev 11 points 1 week ago* (last edited 1 week ago)

For free? Probably not.

Wireguard has been audited by some University groups, maybe contact one of them:

[-] Ephera@lemmy.ml 7 points 1 week ago

You can try to apply for a grant at Mozilla: https://www.mozilla.org/en-US/moss/secure-open-source/
Their list of "audits we've completed so far" ends in 2019, though, so no idea if they still have money for this.

Otherwise, sometimes governments or hacking contests, like Pwn2Own, do audits/pentests, but you pretty much just have to be a well-known open-source project either way...

[-] gwilikers@lemmy.ml 3 points 1 week ago

Ah, I think I may have used the wrong terminology (though thank you for the respobses). What I'm really looking for is an organisation that provides public reviews of FOSS codebases and assesses their privacy and security. Is that a thing?

[-] ashley@lemmy.ca 2 points 1 week ago

Don’t think so, sounds like a security audit.

[-] gwilikers@lemmy.ml 1 points 1 week ago

Faair. Thanks anyways.

this post was submitted on 23 Sep 2024
23 points (100.0% liked)

Free and Open Source Software

17805 readers
27 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
Gaywallet@beehaw.org
alyaza@beehaw.org