Light

Gabriela Gutierrez photo

gabibguti Goto Github PK

followers: 42.0 following: 31.0 repos: 72.0 gists: 0.0

Name: Gabriela Gutierrez

Type: User

Company: Google

Bio: Software Engineer at Google Open Source Security Team (GOSST) :ghost:

Location: Sao Paulo

About me

Hi! I'm Gabriela, I have graduated in software engineering and have been working with it since then.

Here https://gabibguti.github.io/ I have put up a small portfolio (and it is forever a work in progress).

I currently work as a software engineer at Google within GOSST team. If you wanna learn more about GOSST, keep on reading!

About GOSST 👻

GOSST was created as a response to the current scenario of increasing attacks on supply chain projects. The team counts with experienced open-source contributors and works along with the Open Source Security Foundation (OpenSSF) to develop and spread solutions to make open softwares safer at scale. You can read more about Google initiatives on open source on this blogpost.

More specifically, I'm part of a sub-team responsible for our direct contact with the Open Source community. We work around critical open source projects to help increase security, in any aspect or concern that might be relevant. As a team, our goal is to:

Build individual analyses and approaches for each project.
Evaluate and suggest solutions or enhancements that would better fit the repository and not overcharge the maintainers.
Welcome and conduct discussions about our suggestion or about any security solutions the maintainers prefer, as we can surely provide specific help according to their demands.
If possible and wanted, implement the changes ourselves and create PRs to contribute with the discussed improvements.
Collect any kinds of feedback, as we work closely with OpenSSF and any complains would be kindly heard.

Security Solutions

In regard to the GOSST/OpenSSF security solutions that help securing the supply-chain, we can name:

Scorecard: automated checks to evaluate and suggest security practices on your own project or your dependencies
SLSA (pronounced "salsa"): a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises
Sigstore: a new standard for signing, verifying and protecting software
OSS-FUZZ: a tool for fuzzing at scale and find bugs in critical projects, now fuzzing 800+ projects in 6 languages
OSV: a precise, human - and machine - readable database of vulnerabilities that maps affected software versions across open source ecosystems

Gabriela Gutierrez's Projects

jackson-core

Core part of Jackson that defines Streaming API as well as basic shared abstractions

jquery

jQuery JavaScript Library

k8s-manifest-sigstore

kubectl plugin for signing Kubernetes manifest YAML files with sigstore

kubearmor

Cloud-native Runtime Security Enforcement System. Workload hardening and implementing least-permissive policies made easy.

lapack

LAPACK development repository

libzip

A C library for reading, creating, and modifying zip archives.

logging-log4j2

Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.

material-ui

MUI Core: Ready-to-use foundational React components, free forever. It includes Material UI, which implements Google's Material Design.

memory-manager

Implementing a simulator for a memory manager with 4 user processes and LFU substitution.

micro-drone-jan

ENG1429 - Projeto Final de Microcontroladores - Jan

multilevel-scheduler

node

Node.js JavaScript runtime :sparkles::turtle::rocket::sparkles:

numactl

NUMA support for Linux

objenesis

papers-ihc-interface

Interface implementation using ReactJS for IHC papers analysis.

prometheus

The Prometheus monitoring system and time series database.

promise-polyfill

Lightweight ES6 Promise polyfill for the browser and node. A+ Compliant

python-future

Easy, clean, reliable Python 2/3 compatibility

rc

The non-configurable configuration loader for lazy people.

redux

Predictable state container for JavaScript apps

rex

root-signing

A TUF repository for the trusted material of Sigstore's public-good-instance components

rubygems

Library packaging and distribution for Ruby.

rust-bit-field

scorecard

Security Scorecards - Security health metrics for Open Source

scorecard-check-binary-artifacts-e2e

scorecard-webapp

Website and API for OpenSSF Scorecard

simplysql

starter-workflows

Accelerating new GitHub Actions workflows

stone-challenge

1
2
3

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.