Hi colleagues! I just received this email. Not sure what this all means.

---------- Forwarded message ---------
От: Santiago Díaz <sald...@google.com>
Date: чт, 4 июн. 2020 г. в 21:47
Subject: Contribution - CSP support for Wicket
To: <andru...@gmail.com>

Hello Andrew,

My name is Santiago, I'm a Security Engineer at Google. I am currently
making preparations to receive a small group of interns for this summer's
Google internships and found your email during the course of my research.

Here at Google we have a lot of experience deploying security mechanisms
(like Content Security Policy, Trusted Types, Fetch Metadata, Cross-Origin
Opener Policy and others) at scale. We understand the pains of designing
strong security policies, finding blockers for their deployment and
locating pieces of code that need refactoring.

*Why are you receiving this email?*
For this year's internships (and considering the current global situation)
we would like to contribute to selected open source projects, bringing some
of our experience to *encourage adoption of some of these security
enhancements*. Wicket is one of the projects we have shortlisted and we'd
be happy to collaborate with you!

I found out that there is an ongoing discussion over at
https://issues.apache.org/jira/browse/WICKET-5406 to improve CSP support in
Wicket and that *you have been running some experiments on what that would
look like*.

Having said that, it would be great if we could boost your work instead of
reinventing the wheel. As such, I would like to know if you'd be open to
our contributions and if so, whether you'd be willing to give me some
context on what has been done, what issues you've come across and whether
you have any thoughts on what would be the best way for us to contribute.

Thank you for reading and I'm looking forward to hearing from you! :)


Reply via email to