
About me

Hi! I'm Gabriela. I graduated in software engineering and have been working in the field since then.

I have put up a small portfolio at https://gabibguti.github.io/ (and it is forever a work in progress).

I currently work as a software engineer at Google within the GOSST team. If you wanna learn more about GOSST, keep on reading!

About GOSST 👻

GOSST was created as a response to the current scenario of increasing attacks on supply chain projects. The team includes experienced open-source contributors and works alongside the Open Source Security Foundation (OpenSSF) to develop and spread solutions that make open source software safer at scale. You can read more about Google's initiatives on open source in this blog post.

More specifically, I'm part of a sub-team responsible for our direct contact with the Open Source community. We work around critical open source projects to help increase security, in any aspect or concern that might be relevant. As a team, our goal is to:

  • Build individual analyses and approaches for each project.
  • Evaluate and suggest solutions or enhancements that would better fit the repository and not overburden the maintainers.
  • Welcome and conduct discussions about our suggestions or about any security solutions the maintainers prefer, as we can surely provide specific help according to their demands.
  • If possible and wanted, implement the changes ourselves and create PRs to contribute the discussed improvements.
  • Collect any kind of feedback, as we work closely with OpenSSF and any complaints will be kindly heard.

Security Solutions

Among the GOSST/OpenSSF security solutions that help secure the supply chain, we can name:

  • Scorecard: automated checks to evaluate and suggest security practices on your own project or your dependencies
  • SLSA (pronounced "salsa"): a checklist of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises
  • Sigstore: a new standard for signing, verifying and protecting software
  • OSS-Fuzz: a tool for fuzzing at scale and finding bugs in critical projects, now fuzzing 800+ projects in 6 languages
  • OSV: a precise, human- and machine-readable database of vulnerabilities that maps affected software versions across open source ecosystems

Gabriela Gutierrez's Projects

backoff

⏱ The exponential backoff algorithm in Go

best-practices-badge

🏆 Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)

bitflags

A macro to generate structures which behave like bitflags

bitset

Go package implementing bitsets

cachetools

Extensible memoizing collections and decorators

deck.gl

WebGL2 powered visualization framework

dummy-project

Dummy project to test publishing an npm package with provenance

glslang

Khronos-reference front end for GLSL/ESSL, partial front end for HLSL, and a SPIR-V generator.

grype

A vulnerability scanner for container images and filesystems
