Of course, that is understandable. Thank you all for maintaining such an important project despite your busy schedules! I hope we can find a way to help make your lives easier.
What we can contribute is a security review by an experienced team to assess general design review; code quality, defensive programming, and best practices, as well as opportunities to improve fuzzing. Additional fuzzers can be built and the team can integrate the project to oss-fuzz for continuous monitoring of security issues. Based on our experience, when security teams have a line of contact with the project maintainers, they can be guided and better utilized to help. I'm fairly certain that we can provide new fuzzers/test cases and will get more specific details for you on that. Thank you! Amir On Tue, Oct 18, 2022 at 3:26 PM Luca Boccassi <luca.bocca...@gmail.com> wrote: > Hi, > > Thanks for the offer, but let's continue via mail please, we are all very > busy as-is. > > What can you contribute, concretely? I have already set up fuzzing some > time ago. Can you provide new fuzzers/test cases? If so that would be > great, just send pull requests to the repository. > > On Wed, 12 Oct 2022 at 13:10, Amir Montazery <a...@ostif.org> wrote: > >> We can help with whatever the project needs. The intention is to connect >> the project maintainer(s)/contributor(s) with our security team (made up of >> security experts and Google Open Source Security engineers) to help where >> the project needs it most. We can help with bug fixes, security tooling i.e >> fuzzing and developing fuzzers for the project, CI/CD, and anything else >> that will help zeromq be more secure! >> >> Thankfully we have resources to help and are able to compensate >> maintainer(s) who participate in the engagement to show our gratitude for >> your time and efforts. >> >> I'd be happy to set up a quick introductory call with anyone interested >> in learning more. >> >> Thank you and have a great day! >> Amir >> >> On Tue, Oct 11, 2022 at 10:05 PM Luca Boccassi <luca.bocca...@gmail.com> >> wrote: >> >>> Hi, >>> >>> What kind of support are you able to provide? >>> >>> On Tue, 11 Oct 2022 at 14:30, Amir Montazery <a...@ostif.org> wrote: >>> >>>> Yes, I meant zeromq. Thank you Arnaud! That is my mistake. >>>> >>>> That’s great news, we have teams ready to help. Would you be a good >>>> person to coordinate that with? If anyone else comes to mind to include >>>> please let me know! >>>> >>>> I would be happy to set up a quick call to meet and discuss how we can >>>> best be of service to the zeromq project. >>>> >>>> Thank you, >>>> Amir >>>> >>>> On Tue, Oct 11, 2022 at 1:22 PM Arnaud Loonstra <arn...@sphaero.org> >>>> wrote: >>>> >>>>> Are you sure you are on the right list? This the zeromq list not >>>>> dnsmasq. >>>>> >>>>> We'd appreciate any help for sure! >>>>> >>>>> Rg, >>>>> >>>>> Arnaud >>>>> >>>>> On 07-10-2022 21:46, Amir Montazery wrote: >>>>> > Hello dnsmasq community! OSTIF would like to help improve your >>>>> security >>>>> > posture! >>>>> > >>>>> > I’m Amir from Open Source Technology Improvement Fund, Inc. OSTIF >>>>> > <https://ostif.org/> is a nonprofit solely dedicated to helping >>>>> open >>>>> > source projects improve their security for free. >>>>> > >>>>> > We are working with a team of Google engineers and security experts >>>>> to >>>>> > help important open source projects like dnsmasq. This includes >>>>> helping >>>>> > improve testing, reviewing code, implementing more security tools, >>>>> and >>>>> > improving supply chain security. >>>>> > >>>>> > Additionally, we understand the time constraints that open source >>>>> > contributors have, and would like to compensate contributors for >>>>> their >>>>> > time working with us. >>>>> > >>>>> > We would love to work with you! Please let me know who we should be >>>>> > talking to and how we can help! >>>>> > >>>>> > Thank you in advance for your consideration! >>>>> > >>>>> > Best, >>>>> > >>>>> > Amir >>>>> > >>>>> > >>>>> > -- >>>>> > *Amir Montazery* >>>>> > Managing Director >>>>> > Open Source Technology Improvement Fund >>>>> > https://ostif.org/ <https://ostif.org/> >>>>> > https://calendly.com/ostif <https://calendly.com/ostif> >>>>> > >>>>> > >>>>> > _______________________________________________ >>>>> > zeromq-dev mailing list >>>>> > zeromq-dev@lists.zeromq.org >>>>> > https://lists.zeromq.org/mailman/listinfo/zeromq-dev >>>>> _______________________________________________ >>>>> zeromq-dev mailing list >>>>> zeromq-dev@lists.zeromq.org >>>>> https://lists.zeromq.org/mailman/listinfo/zeromq-dev >>>>> >>>> -- >>>> *Amir Montazery* >>>> Managing Director >>>> Open Source Technology Improvement Fund >>>> https://ostif.org/ >>>> https://calendly.com/ostif >>>> >>>> _______________________________________________ >>>> zeromq-dev mailing list >>>> zeromq-dev@lists.zeromq.org >>>> https://lists.zeromq.org/mailman/listinfo/zeromq-dev >>>> >>> _______________________________________________ >>> zeromq-dev mailing list >>> zeromq-dev@lists.zeromq.org >>> https://lists.zeromq.org/mailman/listinfo/zeromq-dev >>> >> >> >> -- >> *Amir Montazery* >> Managing Director >> Open Source Technology Improvement Fund >> https://ostif.org/ >> https://calendly.com/ostif >> >> _______________________________________________ >> zeromq-dev mailing list >> zeromq-dev@lists.zeromq.org >> https://lists.zeromq.org/mailman/listinfo/zeromq-dev >> > _______________________________________________ > zeromq-dev mailing list > zeromq-dev@lists.zeromq.org > https://lists.zeromq.org/mailman/listinfo/zeromq-dev > -- *Amir Montazery* Managing Director Open Source Technology Improvement Fund https://ostif.org/ https://calendly.com/ostif
_______________________________________________ zeromq-dev mailing list zeromq-dev@lists.zeromq.org https://lists.zeromq.org/mailman/listinfo/zeromq-dev