This is great! To the extent we have this teed up internally, it makes it much
easier for DSF to go to Google and coordinate. And even if Google doesn't
pan out, having structure makes it easier for us to, for example, find
funding if some fundraising projects in the works pan out.
On Tuesday, Dec
Another good security improvement would be to allow the database password
and other database information to support AWS Secrets Manager, Google
Secrets Management, and HashiCorp Vault (+ others).
I have done this in a private package used at the National Library of
Medicine, but my package is both
Taymon Beal writes:
> First-class integration with one or more secrets management systems, both
> to generally contain secrets better and more specifically
> so people aren't so tempted to check SECRET_KEYs and database passwords
> into source control. (I think this was mentioned in the list of GSoC
> pr
I've made some minor contributions to django-csp, and CSP is an active area
of interest to me. Should I send out the proposal myself or work with the
core team?
On Saturday, December 21, 2019 at 12:51:11 PM UTC-5, Adam Johnson wrote:
>
> I just saw Google is expanding their Patch Rewards program
Here's an idea, but you'll have to ask around if it's eligible for a
patch reward.
Some time ago I wrote fuzzers for Django, which have been running 24/7
on OSS-Fuzz since.
Thanks to this fuzzer, a few DoS bugs were found [2] and it would
likely have caught some historic DoS bugs.
The current fuz
(Disclosure: I'm on Google's security team, and my views on this topic are
informed by what kinds of things we tend to look for in Web frameworks, but
here I don't speak for them, only for myself.)
Beyond those already mentioned, here are some potential security
improvements I'd like to see in Dja
Really good plans Adam!
On Saturday, December 21, 2019 at 11:51:11 PM UTC+6, Adam Johnson wrote:
>
> I just saw Google is expanding their Patch Rewards program for open source
> security improvements:
> https://security.googleblog.com/2019/12/announcing-updates-to-our-patch-rewards.html
>
> They
On Sat, Dec 21, 2019 at 12:51 PM Adam Johnson wrote:
> I just saw Google is expanding their Patch Rewards program for open source
> security improvements:
> https://security.googleblog.com/2019/12/announcing-updates-to-our-patch-rewards.html
>
> They are offering two tiers of rewards - $5,000 or
I just saw Google is expanding their Patch Rewards program for open source
security improvements:
https://security.googleblog.com/2019/12/announcing-updates-to-our-patch-rewards.html
They are offering two tiers of rewards - $5,000 or $30,000 - for open
source projects making security improvements