Yes, as mentioned in the blog post, we worked with Security Innovation to do a week-long security assessment with full access to source code, design documents and endpoints.
We also have a long-term consulting arrangement with a widely respected security architect, and they helped review our design and implementation.
Additionally, BuzzFeed has a bug bounty program on hackerone (https://hackerone.com/buzzfeed), and has invited participating researchers to report on any issues found. We’ve paid out bounties for a number of minor issues, which were addressed prior to open-sourcing.
Additionally, knowing that security is never done, we continue to make it eligible for bounties -- see https://github.com/buzzfeed/sso/blob/master/README.md#securi...