We believe that transparency in our software is an important part of ensuring security and privacy. This repository is meant to provide a public place for open source software developers, interested security and privacy experts to go to understand Path Check's:
- Principles relating to security and privacy. A list of concrete, technical, verifiable privacy principles and tests that developers should build into Safe Paths and Safe Places, and testers should verify.
- Test reports relating to Security and Privacy.
- External test reports related to our adherence to security and privacy (i.e. static code analysis).
- Issues relating to deviations from our Principles referenced above and known external standards.
- Related documents, such as Data Privacy Impact Assessments
This document should be considered the guiding requirements that Path Check Inc expects to implement, and will verify against. It does not currently consider self-reporting of symptoms, or the implementation of a Bluetooth based proximity system.
- Submit a pull request
- Request reviews on the #fn_privacy channel (message Adam Leon Smith if you need to be added to this channel)
- Read the principles and pick a privacy or security principle you can test
- If it relates to an OWASP verification, the test methodology is documented in the OWASP github for web testing or mobile testing
- Create a markdown (or any other) document describing your test method and results in github
- Create a pull request to merge this in to the master branch
- Request reviews on the #fn_privacy channel (message Adam Leon Smith if you need to be added to this channel)
- https://github.com/PrivateKit/PrivacyDocuments provides technical research from the MIT team
- https://github.com/ComputationalLaw/CV19-Data-Privacy-Principles/ provides input from the MIT Computational Law team