Re: [equinox-dev] Security audit of the recent changes to Eclipse p2 (PGP signatures)

Dear equinox/p2 devs,

OSTIF got the responses from the audit companies and the best one was from Include Security that covers:

1) Code review Equinox p2
2) Threat model
3) SAST Review and suggestions
4) ossfuzz review and implementation (as time allows)
5) Reporting
6) QA / Project Management

They may report issues / ask for feedback, but they're able to accommodate your best availability in Nov, Dec, or Jan. When would it be best for them to start?

Thanks!

Mikaël Barbero 
Head of Security | Eclipse Foundation
🐦 @mikbarbero
Eclipse Foundation: The Platform for Open Innovation and Collaboration


Attachment: signature.asc
Description: Message signed with OpenPGP

