Pro Bono Security Consulting
Least Authority will provide pro bono security consulting services to selected open source Privacy Enhancing Technologies (PETs).
Our security consulting services are core to our mission of “supporting the development of usable technology solutions and ethical business practices to advance digital security and preserve privacy as a fundamental human right”.
By helping other teams improve the security of their projects, we aim to make a meaningful contribution to the individual projects themselves, in addition to benefiting the advancement of the technologies that we review and the users and communities who utilize them.
Improving the Security of Privacy Enhancing Technologies
In an effort to support PETs that face significant resource constraints, Least Authority is excited to announce that we are offering pro bono security consulting services to selected qualifying projects.
The pro bono security consulting program will initially provide limited services. However, Least Authority intends to establish a broader and more sustainable initiative over time. As we re-evaluate and refine our process and offerings, we will keep members of the community informed of the initiative updates through our blog and our newsletter, along with updating the details on this program page.
Projects interested in participating in the pro bono security consulting program should adhere to the following:
If requesting a security audit:
- A fixed term (exact schedule TBD) security audit will be carried out by a team of our security researchers and / or cryptographers;
- The security audit target will be fixed to a stable code release, which will be mutually agreed upon with the development team prior to the beginning of the security audit;
- The verification process must take place within 60 days of delivering the initial audit report; and
- The project has reviewed and completed the Audit Preparation Checklist.
If requesting other forms of security consultation:
- Clearly outlined and detailed design or system documentation; and
- Specific questions or other support needs related to the security of the system.
The final audit or consultation report will be published on Least Authority’s website, along with the project’s usual communication channels, and shared via our social media channels to allow a broader community to benefit from the efforts.
Please see the Security Consulting FAQs for answers to more general questions about our security consulting services and process.
Projects that meet the following criteria are encouraged to apply:
- Open source projects;
- Non-profit organizations or projects that are resource constrained;
- Projects aligned with Least Authority’s mission to “advance digital security and preserve privacy as a fundamental human right”, such as Privacy Enhancing Technologies (PETs); and
- Willingness to publish the results of the security consulting efforts.
Send an email to firstname.lastname@example.org describing the following:
- Project technical details (such as code and documentation);
- Project’s goals and purpose (such as target use case, mission and values);
- An explanation regarding the inability to cover the cost of a security audit, including any applicable reasons why the project does not qualify for funding through a grant or foundation; and
- Details about the security audit or consultation project that is desired from us.
- We are accepting applications on a rolling basis, and the selected application will be notified by December 31, 2021.
- The security audit or consultation start date and subsequent schedule will be determined depending on the selected qualifying project.