by kingbirdy 2858 days ago
This is mentioned in the article

> In preparation for open sourcing we also engaged with Security Innovation, a widely respected agency who count Microsoft, Symantec, and Amazon as clients, to do a more in-depth, week long assessment, with full access to source code and design documents. This found no major issues, which gives us the confidence to open source sso today.


It was only a week-long assessment though; I don’t know Security Innovation, but I’m sure they would have appreciated more time.
That is understood, and is always why we engaged with some of the top researchers who contribute to our bug bounty program, from the start with this project.

For example offering increased bounties during certain windows, or providing early access to the source code.

We highly value our bug bounty program, and find it to be a very effective mechanism for continuous security validation.

I'll write a tech blog post in the near future about how we facilitate our program.

Looking forward to reading about it. Thank you for the project!