The purpose of Omega is to run leading-edge security analysis against the top 10,000 (or more) open source projects, to validate and triage those findings, and then to get the issues fixed by working with project maintainers.
We're currently hiring for two roles on Omega:
- Security Researcher/Analyst - Primary responsibility is to identify and fix new vulnerabilities across the open source ecosystem.
- Software/Security Engineer - Primary responsibility is to build and tune the tooling and automation that enables the Security Researcher/Analyst to work effectively and efficiently.
These two roles will work closely together to meaningfully improve the security of the open source software we all depend on every day.
If you, or anyone you know, may be interested in one of these roles, please have them apply using the links above.
Omega uses a publicly available toolchain, which consists of dozens of open source and freely available tools. These tools include CodeQL, Semgrep, OSS Gadget, and others. For a full list of analyzers, please see list-of-tools.
To run the Omega analysis toolchain, please see analyzer.