Helping securing QGIS

[Marco Bernasocchi]

Dear Securing Critical Projects Group, 

I'm the Chair of the QGIS.org association.

Thanks to yesterday's google blog post [1] about the Criticality score, we discovered that QGIS is position 10 on the C++ list.

We would be very interested in collaborating with you to find more sustainable ways to support our incredible project and community.

Cheers

Marco

[1] https://opensource.googleblog.com/2020/12/finding-critical-open-source-projects.html

[Amir Montazery]

Hello Marco! 

Thank you for the note and sharing with the group. In my experience, LFX (https://lfx.linuxfoundation.org/) can be a good tool for a project like QGIS. I'm familiar with the crowdfunding tools built into the platform so you can apply for specific projects, initiatives, or security review. From what I've seen, there is a lot that can be done there and a growing number of supporting corporate sponsors. 

This is just my opinion, as I don't speak for the entire workgroup. Let me know if you have any questions. The workgroup is inviting and supportive, so feel free to join one of the meetings and share your thoughts. 

Thank you!
Amir Montazery

--
You received this message because you are subscribed to the Google Groups "wg-securing-critical-projects" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wg-securing-critical...@googlegroups.com.
To post to this group, send email to wg-securing-cr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wg-securing-critical-projects/9ee13533-9e59-481a-bfa3-f52a9a34c033n%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Amir Montazery

Chief Operating Officer

Open Source Technology Improvement Fund
https://ostif.org/

[Dan Lorenc]

Thanks for reaching out Marco, and thanks Amir for the OSTIF pointers. The goal of that blog post and this group are to help connect projects with groups that can help, so this is working as intended!

Google might have a couple programs that we can use to help here as well. Marco, can you share any more details on what type of help you're looking for? After that I can try to connect you with any appropriate programs off-thread. Off the top of my head though, would getting some help integrating with fuzzing systems be interesting to you?

Dan Lorenc

To view this discussion on the web visit https://groups.google.com/d/msgid/wg-securing-critical-projects/CADKuG0vTTtJ88t8HJYJxbfmvBu8st4XhHPQwrAgFoVQN1uVhnA%40mail.gmail.com.