Running security audits on open source repos with a tool we've built and reporting what I find to maintainers. Mostly infrastructure stuff — vector databases, LLM tooling, secrets managers. Been doing responsible disclosure and submitting fixes, which are all autogenerated. Surprisingly high acceptance rate so far, which is encouraging. Working on automating more of the test process...