Goal
Come up with a way for us to share reference implementations of things like:
- Validators
- Decoders
- Performance improvements
- Remediation playbooks (if so, what format?[1])
- More?
Needing Research
What format can we share things in that is beneficial to the most people? Should it be something that can compile to a C compatible interface?
What languages are most open source scanners written in, and what do a lot of vendors use?
It might be worth creating a survey with different levels of information the vendor might be willing to share, and also telling them how they could benefit from providing this information. Open source projects would just be a matter of finding them and filling out the answers ourselves. AI deep research might be able to hunt down a lot of the projects here.
Example Survey:
This survey is to gather statistics about secret scanning tools.
The name of your company will not be displayed with the results.
You may also leave any question blank that you do not wish to answer.
The answers will be used to help inform our research and gauge needs in this space.
What language is it primarily written in?
If applicable, which open source scanner does it leverage?
Does your company use custom patterns or the default ones provided by the scanner?
What is the biggest strength of your scanner?
What is the biggest improvement you would like to see in your scanner?
Would you be willing to contribute to this SIG or any other open source projects?
Would you like more information on how to contribute?
That definitely needs work and probably more questions, but that's kind of what I'm thinking.
Footnotes
[1] I'm kind of working on how to share security playbooks between platforms already. CACAO might be a good format for now, but if that turns up anything I'll share here.