In August of 2021 HUMAN announced the creation of the Dan Kaminsky Fellowship to honour the memory of one of our co-founders who sadly passed away earlier in the year. The idea of the fellowship is to celebrate Dan’s memory by funding a Fellow for a year to work on open-source projects that make the world a better (and more secure) place. I am honoured to be the technical lead on this project.
I have been involved with open source for many years, starting off in 2004 with a file encryption plugin for Ant, a series of blog posts for the (now defunct) iCommons NGO, open source projects at last.fm and the Expedia Group and via my personal GitHub profile, as well as various presentations at conferences. Over the past few years I’ve mentored a number of female software developers with the aim of developing their skills in hopes of slowly chipping away at the woeful lack of gender diversity in our field. So, when the opportunity came up at HUMAN to be involved with the Dan Kaminsky Fellowship I leapt at it!
We received a number of applications for the fellowship but one stood head and shoulders above the rest and was our top pick. I’m very excited to announce the inaugural Dan Kaminsky Fellow: Jonathan Leitschuh. Jonathan has a passion for open source and for finding and fixing security issues in open source projects. As Log4Shell has recently reminded us, even hugely successful open source projects with hundreds of contributors and an active community can have vulnerabilities lurking in their code. Jonathan has already done some work in this area via his Bulk Security Pull Request Generator, which generates bulk pull requests against Git repositories in order to fix security vulnerabilities. This has been used to implement a preference for HTTPS over HTTP in Maven projects; to fix an array overflow error in implementations of the Point-to-Point Protocol; and to resolve a random number generator problem in code generated by JHipster. All in all, several thousand pull requests have been submitted to projects on GitHub to resolve these problems. Our aim is to build on this success over the coming year as the fellowship allows him to focus his efforts 100% on making the internet a safer place for us all.
We plan to be agile and adapt the goals and work done under the banner of the Fellowship as we progress. The initial plan is to start by using CodeQL to find vulnerabilities in open source projects. HUMAN will be funding Jonathan for the coming year and providing not only financial support, but also access to our team of enthusiastic and knowledgeable hackers, communicators, public speakers, and technical writers. I’d like to stress that everything Jonathan produces will be open sourced and made available for anyone to benefit from.
As part of the HUMAN family I’m personally thrilled to be playing a small part in preserving Dan Kaminsky’s legacy by championing this fellowship. There’s a limitless power of open-source work to protect this internet. We welcome Jonathan to that fight and look forward to sharing what we accomplish together.