A lot of places use Jupyter Notebook (and JupyterHub) to work with private data where security compromises would have serious implications. We have a pretty good track record with security (thanks to everyone reporting and fixing security issues), but it would be great if we could get a formal, external security audit from a firm specializing in this. This increases notebook security, and acts as a strong signal to many organizations.
This requires funding, and someone to see it through. So,
- How do we find the money for it?
- Who can manage the process? This involves finding a security audit firm, negotiating with them, and seeing it through.
What do you all think?