Skip to content
View pnacht's full-sized avatar

Block or report pnacht

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
pnacht/README.md

About me 😸

A cinephile, there"s nothing I like more than going to the movies (preferably with others!) and eat some popcorn. I can watch just about anything, from superhero flicks to period dramas to slapstick comedy. Some of the best movies I"ve ever watched are so bad... but so, so good.

Professionally... let"s just say I"ve been around. Started off as a structural engineer, but soon migrated to developing software for engineers for a while. After a hiatus doing an MBA, went on to work in the financial industry doing data science. Looking to make more of an impact, I went off to work with...

The Google Open Source Security Team (GOSST 👻)

GOSST was created in response to the increasing supply-chain attacks on projects that consume open-source code. It works along with the Linux Foundation"s Open Source Security Foundation (OpenSSF) to improve the security of the open-source ecosystem. GOSST and the OpenSSF develop solutions to make open-source software safer at scale. See here for info on Google"s open-source initiatives.

I"m part of a GOSST sub-team responsible for working hand-in-hand with the open-source community. We focus on helping individual critical projects increase their security. Our goals are to:

  • develop specific approaches for each project;
  • suggest solutions or enhancements that fit the project"s needs and don"t overburden maintainers;
  • talk with maintainers about our suggestion or about any other solutions they might prefer;
  • implement the changes and submit them as PRs;
  • collect all feedback to be shared with the rest of GOSST and the OpenSSF.

Security Solutions

See below some of the tools developed by GOSST and the OpenSSF:

  • Scorecard: automated checks to evaluate a project"s security practices and suggest improvements as needed;
  • SLSA (pronounced "salsa"): a standard and protocol to ensure an artifact"s provenance, guaranteeing it comes from the expected location and process. This aims to prevent tampering and improve the integrity of infrastructure and consumed packages;
  • Sigstore: keyless signing and verification of artifacts;
  • OSS-FUZZ: automated fuzzing at scale;
  • OSV: a human- and machine-readable database of vulnerabilities that maps affected software versions across open source ecosystems;
  • GUAC: graph database of security metadata (in development).

Popular repositories Loading

  1. jackson-core jackson-core Public

    Forked from FasterXML/jackson-core

    Core part of Jackson that defines Streaming API as well as basic shared abstractions

    Java 1 1

  2. simplysql simplysql Public

    R

  3. scorecard scorecard Public

    Forked from ossf/scorecard

    Security Scorecards - Security health metrics for Open Source

    Go

  4. slsa-github-generator slsa-github-generator Public

    Forked from slsa-framework/slsa-github-generator

    Language-agnostic SLSA provenance generation for Github Actions

    Go 1

  5. zephyr zephyr Public

    Forked from zephyrproject-rtos/zephyr

    Primary Git Repository for the Zephyr Project. Zephyr is a new generation, scalable, optimized, secure RTOS for multiple hardware architectures.

    C

  6. pnacht pnacht Public

    1