Skip to content
View joycebrum's full-sized avatar

Block or report joycebrum

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
joycebrum/README.md

Hi there 👋 | Olá!

  • 😄 Pronouns: She/Her.
  • 🇧🇷 I am Brazilian! Born at Natal/RN but raised at Rio de Janeiro.
  • 🔭 I’m working at Google on Google Open Source Security Team (GOSST).
  • 🏫 Graduated in Computer Science at UFRJ.
  • 💻 My favorite programing languages are: Python, Ruby on Rails, Angular and C#.
  • 🌱 My next learning objectives are Japanese and French.
  • 📫 How to reach me: You can send me an email at [email protected].
  • ⚡ Fun fact: I love books, videogames, animes and mangas.

About GOSST 👻

GOSST was created in response to the increasing supply-chain attacks on projects that consume open-source code. It works along with the Linux Foundation's Open Source Security Foundation (OpenSSF) to improve the security of the open-source ecosystem. GOSST and the OpenSSF develop solutions to make open-source software safer at scale. See here for info on Google's open-source initiatives.

I'm part of a GOSST sub-team responsible for working hand-in-hand with the open-source community. We focus on helping individual critical projects increase their security. Our goals are to:

  • develop specific approaches for each project;
  • suggest solutions or enhancements that fit the project's needs and don't overburden maintainers;
  • talk with maintainers about our suggestion or about any other solutions they might prefer;
  • implement the changes and submit them as PRs;
  • collect all feedback to be shared with the rest of GOSST and the OpenSSF.

Security Solutions

See below some of the tools developed by GOSST and the OpenSSF:

  • Scorecard: automated checks to evaluate a project's security practices and suggest improvements as needed;
  • SLSA (pronounced "salsa"): a standard and protocol to ensure an artifact's provenance, guaranteeing it comes from the expected location and process. This aims to prevent tampering and improve the integrity of infrastructure and consumed packages;
  • Sigstore: keyless signing and verification of artifacts;
  • OSS-FUZZ: automated fuzzing at scale;
  • OSV: a human- and machine-readable database of vulnerabilities that maps affected software versions across open source ecosystems;
  • GUAC: graph database of security metadata (in development).

Pinned Loading

  1. Aula-vs-Dormir Aula-vs-Dormir Public

    Um jogo de tap cujo objetivo é sobreviver ao semestre letivo em uma escola/faculdade

    C# 1

  2. lopesgil/hellscape lopesgil/hellscape Public

    Projeto de jogo para o processo seletivo da GDP

    C# 1

  3. Asteroids Asteroids Public

    Desenvolvimento do jogo Asteroids em java como forma de aprendizado da linguagem

    Java

  4. CadeirasConcorrentes CadeirasConcorrentes Public

    HTML 1 1

  5. Calculo-numerico-projeto Calculo-numerico-projeto Public

    Scilab 1

  6. topd97/TrabalhoBD_2018-2 topd97/TrabalhoBD_2018-2 Public

    SQLPL 1 1