Coordinated Security Audit for git. Contacts needed

Hello git maintainers,

The Open Source Technology Improvement Fund, Inc (https://ostif.org)
has put together a coalition of 18 security professionals and
researchers to conduct a holistic security review of git. The
objective of this email is to inform you of the effort and seek
collaboration.  We feel that the more we can engage and collaborate
with git maintainers, the more effective and impactful our security
review can be. An overview of the teams and work packages is as
follows:

Git Security Audit Work Packages:

Git source code review and threat modeling: This will be done by the
team at X41 D-Sec with support from GitLab reps.

Supply chain security / CI infrastructure review with Chainguard and
support from GitLab.

A new setup of CodeQL for git with Xavier, Turbo and their team from GitHub.


We would love to collaborate to establish communication channels with
key maintainers. Would it be possible for one of us to join one of
your community meetings for 5 minutes? Or is there a key person we
should be engaging?


We thank you for maintaining a key and critical piece of software for
the open source community and beyond.

Thanks again,
Amir

-- 
Amir Montazery
Managing Director
Open Source Technology Improvement Fund
https://ostif.org/
https://calendly.com/ostif


