Hello everyone, We built clubsall, a frontend for federated content. Since the goal is to help build a reddit competitor, open sourcing is the logical next step.

However, without a review, I am afraid website could get hacked quickly.

Does someone with experience in scanning code for security issues or white hat hacking wants to help increase confidence so I can open source it?

  • nickwitha_k (he/him)@lemmy.sdf.orgEnglish
    5·
    1 day ago

    As someone who works in software engineering and has experience in multiple languages, infosec, as well as working through compliance with multiple certification standards, I’d be happy to help, provided one of two conditions is met:

    1. You pay me my salary rate, with a minimum of 10 hours, half in advance and report available after receipt of full payment (grew up with tradespeople and a lot about working with clients comes from what I learned from them).

    Or,

    1. The code base is fully, and permanently open-sourced, prior to code review. This means licensing under GPL, LGPL, MIT, or BSD licenses, or equivalent, not “source available”.