
About me 😸

A cinephile, there's nothing I like more than going to the movies (preferably with others!) and eating some popcorn. I can watch just about anything, from superhero flicks to period dramas to slapstick comedy. Some of the best movies I've ever watched are so bad... but so, so good.

Professionally... let's just say I've been around. Started off as a structural engineer, but soon migrated to developing software for engineers for a while. After a hiatus doing an MBA, went on to work in the financial industry doing data science. Looking to make more of an impact, I went off to work with...

The Google Open Source Security Team (GOSST 👻)

GOSST was created in response to the increasing supply-chain attacks on projects that consume open-source code. It works along with the Linux Foundation's Open Source Security Foundation (OpenSSF) to improve the security of the open-source ecosystem. GOSST and the OpenSSF develop solutions to make open-source software safer at scale. See here for info on Google's open-source initiatives.

I'm part of a GOSST sub-team responsible for working hand-in-hand with the open-source community. We focus on helping individual critical projects increase their security. Our goals are to:

  • develop specific approaches for each project;
  • suggest solutions or enhancements that fit the project's needs and don't overburden maintainers;
  • talk with maintainers about our suggestions or about any other solutions they might prefer;
  • implement the changes and submit them as PRs;
  • collect all feedback to be shared with the rest of GOSST and the OpenSSF.

Security Solutions

See below some of the tools developed by GOSST and the OpenSSF:

  • Scorecard: automated checks to evaluate a project's security practices and suggest improvements as needed;
  • SLSA (pronounced "salsa"): a standard and protocol to ensure an artifact's provenance, guaranteeing it comes from the expected location and process. This aims to prevent tampering and improve the integrity of infrastructure and consumed packages;
  • Sigstore: keyless signing and verification of artifacts;
  • OSS-Fuzz: automated fuzzing at scale;
  • OSV: a human- and machine-readable database of vulnerabilities that maps affected software versions across open source ecosystems;
  • GUAC: graph database of security metadata (in development).

Pedro Kaj Kjellerup Nacht's Projects

arrow

Apache Arrow is a multi-language toolbox for accelerated data interchange and in-memory processing

bazel

a fast, scalable, multi-language and extensible build system

bitset

Go package implementing bitsets

boost

Super-project for modularized Boost

bootstrap

The most popular HTML, CSS, and JavaScript framework for developing responsive, mobile first projects on the web.

compose

Define and run multi-container applications with Docker

cppitertools

Implementation of python itertools and builtin iteration functions for C++17

cpuinfo

CPU INFOrmation library (x86/x86-64/ARM/ARM64, Linux/Windows/Android/macOS/iOS)

dummy-project

Dummy project to test publishing a npm package with provenance

flex

The Fast Lexical Analyzer - scanner generator for lexing in C and C++

fsnotify

Cross-platform file system notifications for Go.

grpc

The C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#)

grpc-go

The Go language implementation of gRPC. HTTP/2 based RPC

httplib2

Small, fast HTTP client library for Python. Features persistent connections, cache, and Google App Engine support. Originally written by Joe Gregorio, now supported by community.

icu

The home of the ICU project source code.

j2cl

Java to Closure JavaScript transpiler

jackson-annotations

Core annotations (annotations that only depend on jackson-core) for Jackson data processor

jackson-core

Core part of Jackson that defines Streaming API as well as basic shared abstractions

jackson-databind

General data-binding package for Jackson (2.x): works on streaming API (core) implementation(s)
