Closed: JLLeitschuh closed 5 months ago
For PHP/Composer/Packagist.org we've been recommended these two firms for testing/code auditing: https://www.synacktiv.com/ and https://cure53.de/
I believe this work is shelved for the time being, but for future proposals, see https://blog.pypi.org/posts/2023-11-14-1-pypi-completes-first-security-audit/ for an example of this kind of engagement.
Draft Proposal: https://docs.google.com/document/d/1EzYfM5-S5I27fC8_YE-bN-nm-J8Q1tG6aC_MKYpUvH0/edit#