I’m sure there are orgs that audit FOSS code for security and privacy. Could you guys let me know what some of the main orgs that do this? Do you have any ones you like in particular.

  • Ephera@lemmy.ml
    link
    fedilink
    arrow-up
    6
    ·
    3 months ago

    You can try to apply for a grant at Mozilla: https://www.mozilla.org/en-US/moss/secure-open-source/
    Their list of “audits we’ve completed so far” ends in 2019, though, so no idea if they still have money for this.

    Otherwise, sometimes governments or hacking contests, like Pwn2Own, do audits/pentests, but you pretty much just have to be a well-known open-source project either way…