Diogo Teles Sant'Anna diogoteles08

Software Engineer working for Google Open Source Security Team (GOSST) in a joint effort with @ossf to enhance the security of existent Open Source Projects

diogoteles08/README.md
  • 😄 Pronouns: He/Him
  • 🇧🇷 I am Brazilian! Currently Living in São Paulo
  • 🎓 Graduated in Computer Engineering in University of Campinas (UNICAMP), with an exchange program to Russia 🎒
  • 💻 My favorite language is Kotlin, and I love to code using VIM
  • 🕶️ Fun facts:
    • 🐈 I'm a very proud cat dad! His name is Ravi 🥰
    • 🎮 I'm a fan of Dark Souls series and I'm enjoying my recently bought Playstation 5 😋
    • 🍷 I love wine and I'm starting to learn about them hehe
  • 🏢 I work at Google on Google Open Source Security Team (GOSST)
  • 📖 My next learning objectives are French and improving general communication/leading skills
  • 💬 I'd be more than happy to receive any contact through diogoteles@google.com, Twitter or LinkedIn 😃

About GOSST 👻

GOSST was created as a response to the current scenario of increasing attacks on supply chain projects. The team includes experienced open-source contributors and works alongside the Open Source Security Foundation (OpenSSF) to develop and spread solutions to make open software safer at scale. You can read more about Google initiatives on open source in this blogpost.

More specifically, I'm part of a sub-team responsible for our direct engagement with the Open Source community. We work with critical open source projects to help them increase their security, in any way we can. As a team, our goal is to:

  • Build individual analyses and approaches for each project.
  • Evaluate and suggest solutions or enhancements that would better fit the repository and not burden the maintainers.
  • Welcome and conduct discussions about our suggestions or any security solutions the maintainers prefer, as we can surely provide specific help according to their demands.
  • If possible and wanted, implement the changes ourselves via PRs to contribute with the discussed improvements.
  • Collect all kinds of feedback, as we work closely with OpenSSF and any complaints would be kindly heard.

Please read more about our achievements in our 1-year blogpost.

Security Solutions

See below some of the tools developed by GOSST and the OpenSSF:

  • Scorecard: automated checks to evaluate a project's security practices and suggest improvements as needed
  • SLSA (pronounced "salsa"): a standard and protocol to ensure an artifact's provenance, guaranteeing it comes from the expected location and process. It prevents tampering and improves the integrity of infrastructure and consumed packages
  • Sigstore: keyless signing and verification of artifacts
  • OSS-FUZZ: automated fuzzing at scale, now fuzzing 800+ projects in 6 languages
  • OSV: a precise human- and machine-readable database of vulnerabilities that maps affected software versions across open source ecosystems
  • OSV-Scanner: A frontend for the OSV Database that connects a project’s list of dependencies with the vulnerabilities that affect them
  • GUAC: graph database of security metadata (in development)

Popular repositories

  1. mySetup (Public)

    Vim Script 1

  2. mc613 (Public)

    Forked from gpspelle/mc613

    VHDL 1

  3. ms211 (Public)

    Forked from lcnzg/ms211

    Projects for the MS211 course, UNICAMP, 2018-1

    MATLAB 1

  4. mc504 (Public)

    Forked from lcnzg/mc504

    Projects for the MC504 course, UNICAMP, 2018-1

    C 1

  5. mc346 (Public)

    Haskell 1

  6. hackathon-covid19 (Public)

    Code of solution used for a hackathon organized by Patronos, themed as solutions for covid-19 effects

    Python 1

