Security Team
The Security Team is a trusted group. This team is responsible for reviewing security reports and for carrying out a proactive audit at each major release. Security Team members are added by a vote of the Admins, following recommendations from current members.
Release responsibilities
- Review all previously reported issues on dev and those sent to the security list.
- Contact all people that have helped in the past.
- Carry out the security audit as per our release procedures.
- Run doc/devtools/securitycheck.php and check each "potentially unsafe" file.
- Check for presence of all .htaccess files
- Security Check exceptions
- Add files to robots.txt (printed pages, etc.)
Members
http://tiki.org/WhoWhat#Security_Team
Ongoing responsibilities
- Keep http://dev.tiki.org/Security and Security.tiki.org up to date
- Monitor what comes in on the security mailing list, and respond accordingly. Ex.: http://secunia.com/product/3356/?task=advisories
- Proactively find ways to make Tiki more secure
- Release security patches
- Document SecDB (and maybe a cron job to make sure it's always up to date, when people update from cvs)
- Document current security-related things
- Filtering Best Practices
