Skip to content

[R-2][High] Independent third-party security audit / pentest #2

Description

@v-code01

From the review (https://github.com/v-code01/ledge/blob/main/AUDIT.md R-2). Only a first-party review exists (AUDIT.md). Engage an external auditor for the auth, multi-tenant isolation, untrusted-pack decode, and SSRF surfaces before hosting untrusted tenants. AUDIT.md is the threat model to hand them. Severity: High (for untrusted-multi-tenant use).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions