
Our audit of Homebrew


By William Woodruff

This is a joint post with the Homebrew maintainers; read their announcement here!

Last summer, we performed an audit of Homebrew. Our audit's scope included Homebrew/brew itself (home of the brew CLI), and three adjacent repositories responsible for various security-relevant aspects of Homebrew's operation:

This audit was sponsored by the Open Tech Fund as part of their larger mission to secure critical pieces of internet infrastructure.

These patterns do not necessarily enable persistence or pivoting by a fully external actor, but may be leveraged by a lower-privileged insider (such as a rogue maintainer) to undermine the integrity and isolation assumptions made by Homebrew's CI/CD.
