Coder Social home page Coder Social logo

Hi there 👋 | Olá!

  • 😄 Pronouns: She/Her.
  • 🇧🇷 I am Brazilian! Born at Natal/RN but raised at Rio de Janeiro.
  • 🔭 I’m working at Google on Google Open Source Security Team (GOSST).
  • 🏫 Graduated in Computer Science at UFRJ.
  • 💻 My favorite programing languages are: Python, Ruby on Rails, Angular and C#.
  • 🌱 My next learning objectives are Japanese and French.
  • 📫 How to reach me: You can send me an email at [email protected].
  • ⚡ Fun fact: I love books, videogames, animes and mangas.

About GOSST 👻

GOSST was created in response to the increasing supply-chain attacks on projects that consume open-source code. It works along with the Linux Foundation's Open Source Security Foundation (OpenSSF) to improve the security of the open-source ecosystem. GOSST and the OpenSSF develop solutions to make open-source software safer at scale. See here for info on Google's open-source initiatives.

I'm part of a GOSST sub-team responsible for working hand-in-hand with the open-source community. We focus on helping individual critical projects increase their security. Our goals are to:

  • develop specific approaches for each project;
  • suggest solutions or enhancements that fit the project's needs and don't overburden maintainers;
  • talk with maintainers about our suggestion or about any other solutions they might prefer;
  • implement the changes and submit them as PRs;
  • collect all feedback to be shared with the rest of GOSST and the OpenSSF.

Security Solutions

See below some of the tools developed by GOSST and the OpenSSF:

  • Scorecard: automated checks to evaluate a project's security practices and suggest improvements as needed;
  • SLSA (pronounced "salsa"): a standard and protocol to ensure an artifact's provenance, guaranteeing it comes from the expected location and process. This aims to prevent tampering and improve the integrity of infrastructure and consumed packages;
  • Sigstore: keyless signing and verification of artifacts;
  • OSS-FUZZ: automated fuzzing at scale;
  • OSV: a human- and machine-readable database of vulnerabilities that maps affected software versions across open source ecosystems;
  • GUAC: graph database of security metadata (in development).

Joyce's Projects

objenesis icon objenesis

Okay, it's pretty easy to instantiate objects in Java through standard reflection. However there are many cases where you need to go beyond what reflection provides. For example, if there's no public constructor, you want to bypass the constructor code, or set final fields. There are numerous clever (but fiddly) approaches to getting around this

osgi icon osgi

OSGi Specification Project Build Repository. Specification, API, implementation, and TCK source code.

oss-fuzz icon oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.

polymer icon polymer

Our original Web Component library.

probestsimulacao icon probestsimulacao

Projeto de simulação amostral para a matéria de Probabilidade e Estatística

prolog icon prolog

Um tradutor em prolog para a lingua do P

protobuf icon protobuf

Protocol Buffers - Google's data interchange format

pybind11 icon pybind11

Seamless operability between C++11 and Python

python-certifi icon python-certifi

(Python Distribution) A carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.

python-rsa icon python-rsa

Python-RSA is a pure-Python RSA implementation.

pyyaml icon pyyaml

Canonical source repository for PyYAML

rxjava icon rxjava

RxJava – Reactive Extensions for the JVM – a library for composing asynchronous and event-based programs using observable sequences for the Java VM.

rxjs icon rxjs

A reactive programming library for JavaScript

scorecard icon scorecard

OpenSSF Scorecard - Security health metrics for Open Source

setuptools icon setuptools

Official project repository for the Setuptools build system

sigstore icon sigstore

Common go library shared across sigstore services and clients

systemd icon systemd

The systemd System and Service Manager

tebd icon tebd

Process turtle data and check the semantic relations within data

tensorflow icon tensorflow

An Open Source Machine Learning Framework for Everyone

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.