
Geomys is an organization of professional open source maintainers, focused on a portfolio of critical Go projects. For example, we are two thirds of the Go standard library cryptography maintainers, we provide the FIPS 140-3 validation of the upstream Go Cryptographic Module, and we fund the maintenance of x/crypto/ssh and staticcheck amongst others. Our retainer clients engage us both to get access to our expertise, and so that the critical dependencies they rely on are professionally maintained.

Beyond our portfolio, we sometimes act as maintainers of last resort when critical, security-relevant Go projects go unmaintained. Recently, there were two occasions in which we stepped into this informal role: we took over maintenance of the popular bluemonday HTML sanitizer when the maintainer chose to move on; and we built alternative upgrade paths for the seemingly unmaintained gorilla/csrf library, by introducing a new carefully researched implementation into the standard library and creating a drop-in package replacement, after we discovered a security vulnerability in the original.

We can professionally serve in this role, including contracting external help, thanks to the sustainable funding of our retainer agreements. Our clients benefit from our maintenance efforts, and have a direct line to highlight projects in need.

bluemonday

bluemonday is the most popular HTML sanitizer in the Go ecosystem, used by thousands of applications and libraries to clean up user-generated…