We are Security @ Open Source w/ SLU, the cybersecurity/compliance arm of Open Source w/ SLU. Our mission is to support Open Source w/ SLU's goal of contributing to open science with safe and secure software products. We do this by:
- Maintaining the active security posture of Open Source w/ SLU through documentation, auditing, and incident response
- Providing cybersecurity training and education to our developers, contributors, and organization partners
- Contributing to widely used open source security tools to aid the wider open source community
We aim to establish a security mindset in all who develop software to support the organization's mission and SLU at a broader scale.
Below is an outline of where you can find specific security information.
All of our publicly available security and compliance documentation will be published on our website, which is currently under development. We will share a release timeline as the launch approaches.
Our organization-wide security policy can be found in any repository with an actively developing project. More detailed documentation on how to report issues is in the SECURITY.md file in this repository, and will also be on our website once it is finished.
If you are a developer receiving a security alert that you don't understand, please stop by our Slack channel, where you can ask the security team questions and we'll be happy to assist. For urgent requests, please alert the Lead (Samuel Kann) or the Program Director (Daniel Shown) directly via Slack or email. For specific alerts, reference the alert number only; do not post vulnerability details in our public Slack channel. For non-urgent requests, expect a response within 24-48 hours.
To report a vulnerability, please use GitHub Security Advisories. To keep reports centralized, file the advisory against this GitHub repository; otherwise the response may be delayed.
We are always interested in hearing from the wider open source and security communities. However, to protect our organization's security as well as SLU's, we cannot onboard outside contributors to the security team. If you are interested in assisting, you may:
- Get involved on a project and contribute your security knowledge to that project
- Point the security team to public disclosures of vulnerabilities in any packages we use
- Use GitHub Security Advisories to report specific vulnerabilities
- Contribute to wider open source security tools. Check out OpenSSF for a good start!
Stay safe!
Last updated 1/22/26 by Samuel Kann