undefined | Better HN

0 pointskingbirdy7y ago0 comments

This is mentioned in the article

> In preparation for open sourcing we also engaged with Security Innovation, a widely respected agency who count Microsoft, Symantec, and Amazon as clients, to do a more in-depth, week long assessment, with full access to source code and design documents. This found no major issues, which gives us the confidence to open source sso today.

0 comments

baby7y ago

It was only a week long assessment though, I don’t know Security Innovation but I’m sure they would have appreciated more time.

itwasntandy7y ago

That is understood, and is always why we engaged with some of the top researchers who contribute to our bug bounty program, from the start with this project.

For example offering increased bounties during certain windows, or providing early access to the source code.

We highly value our bug bounty program, and find it to be a very effective mechanism for continuous security validation.

I'll write a tech blog post in the near future about how we facilitate our program.

yubozhao7y ago

Looking forward to read about it. Thank you for the project!

j / k navigate · click thread line to collapse