This project takes security very seriously. If you ever find a vulnerability, please get in touch ASAP and/or open an issue unless disclosure is harmful (make sure to check the confidential checkbox).
With the goal of keeping this project secure, several measures are taken:
- Good test coverage to prevent bugs.
- Code fuzzed to uncover unexpected bugs.
- Static typing to prevent type-related bugs.
- Tags, releases and packages are always signed.
- No external dependencies to diminish attack surface and risk.
- Safe defaults and secure minimums enforced for sensitive values.
- Analysis of (dev) dependencies for known vulnerabilities using safety and trivy.
- Static analysis of code for common pitfalls and potential vulnerabilities using bandit.
- Build reproducibility thanks to poetry: trusted code -> trusted package (although this may not be too important).
I wrote a fuzzing helper using pythonfuzz, check the fuzz module. I fuzzed each signer for over 48hs without finding any issue, and now added a short fuzzing session in the CI for every release to ensure that simple bugs are caught from beforehand.
Continuous fuzzing wanted
Fuzzing truly benefits a project when is run continuously, but I can't currently pay for a VPS for this, so I'm looking for ideas on this matter.
External security review¶
This project hasn't been externally audited yet, so this project needs a security review. If you are an expert and can do it, please contact me. The results of said review will be published here.