Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Commission security audits ahead of General Availability #31

Open
gnarea opened this issue Dec 1, 2021 · 2 comments
Open

Commission security audits ahead of General Availability #31

gnarea opened this issue Dec 1, 2021 · 2 comments

Comments

@gnarea
Copy link
Member

gnarea commented Dec 1, 2021
edited
Loading

Apart from our own libraries, apps and cloud infrastructure, we should try to get the following third-party dependencies audited too:

  • PKI.js (at least Certificate, EnvelopedData, SignedData and their internal dependencies).
  • @peculiar/webcrypto and webcrypto-core (at least the algorithms we use).
  • asn1js.
  • @stablelib/aes-kw (used in Electron apps only)

See: https://www.opentech.fund/labs/red-team-lab/
@gnarea
Copy link
Member Author

gnarea commented Jan 4, 2024

The request has been approved and work will begin Feb 2024 (next month).

@gnarea
Copy link
Member Author

gnarea commented Dec 3, 2024

The first part was published recently: https://awala.app/en/blog/2024-security-audit-part1/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gnarea