OpenPrinting Logo
OpenPrinting
Back to GSoC 2025
GSoC 2025Project Idea

Security Auditing for OpenPrinting Projects

2 minute read

Introduction

Security-related project

1 contributor full-size (350 hours), Level of difficulty: Intermediate

OpenPrinting projects play a critical role in the printing infrastructure of countless systems, making their security paramount. Inspired by security auditing reports from other open source communities (CNCF: Security Audit for Karmada, Security Audit for Kubernetes and Security Audit for OpenSSF), we believe a comprehensive security auditing report could significantly enhance the robustness and reliability of these projects. This initiative will leverage advanced software analysis methods to conduct thorough security audits.

The audit process includes scoring OpenPrinting projects using OpenSSF’s Security Scorecard and examining the projects and their dependencies with respect to testing status, which encompasses adherence to continuous integration (CI) test best practices and test coverage assessments. Furthermore, dynamic testing should also be considered, for example, end-to-end fuzzing techniques such as AFLplusplus, which assists in the successful detection of CVE-2024-47076. Static analysis tools including cppcheck and flawfinder, Valgrind can be employed for checking the implementation flaws. The overall security audit should include dynamic software analysis methodologies to cover more extensive aspects of OpenPrinting projects.

Project Goals for GSoC 2025: The primary objective of this Google Summer of Code project is to complete a systematic security audit report for OpenPrinting. This comprehensive process includes maximizing the scores provided by the OpenSSF Security Scorecard and scanning dependencies using existing SADT tools. In addition to static analysis, incorporating dynamic testing methodologies will provide an exhaustive overview of security across the entire network of projects. The project aims to identify and mitigate potential vulnerabilities effectively, ensuring that a robust defense mechanism is in place to protect the integrity of the OpenPrinting infrastructure.

Contributors are expected to: Use or implement dynamic testing/auditing tools for analyzing OpenPrinting projects, which includes examining OpenSSF Scorecard of OpenPrinting projects and preparing detailed security auditing reports outlining discovered vulnerabilities. The contributor should also coordinate with security experts to address these issues effectively.

Mentors

Till Kamppeter, Project Leader OpenPrinting (till at linux dot com), Jiongchi Yu, PhD Candidate at Singapore Management University (jiongchiyu at gmail dot com), George-Andrei Iosif, Security Engineer at Snap Inc. (hi at iosifache dot me).

Desired knowledge

C/C++, code auditing

Code License

Apache 2.0, MIT (licenses of the OpenPrinting projects)