Hi everyone,
At one of the last coreboot leadership meetings, the idea of a coreboot security team was brought up.
We'd like to build a group to look at coreboot's source code with an eye on security, respond to issues on the security mailing list, help fix security-related issues, and shepherd security-related patches through Gerrit. Additionally, we'd like upcoming features to go through this group to look for possible security issues.
This team would preferably be a mix of some of the senior coreboot developers, firmware/software security researchers, and industry professionals.
I know that many of the companies working on coreboot have dedicated security teams. It would be great if a couple of these companies could be convinced to assign individuals to spend a few hours a week on the coreboot project.
If anyone would be interested in being on this team, or knows someone who would be good in this role, please reach out.
Thanks.
Martin