Security Team

Release responsibilities

  1. Review all previously reported issues on dev and those sent to the security list.
    1. Ask bug reporters how they would like to be acknowledged.
  2. Contact all people that have helped in the past.
  3. Proceed to security audit as per our release procedures.
    • Run doc/devtools/securitycheck.php and check each "potentially unsafe" file.
    • Check for presence of all .htaccess files
    • Add files to robots.txt (printed pages, etc.)
  4. Update security.tiki.org with sections for new version
  5. Run Security DB

Ongoing responsibilities


  • The security team coordinator is Brendan Ferguson (drsassafras)
    • Makes sure all disclosures are in the tracker and followed up in a timely fashion
    • Makes sure proper credit is given to researchers for responsible disclosures


  • Document how to run SecDB for people running from SVN
    • SecDB update is incorporated into doc/devtools/svnup.php now (since Tiki 16, I think)


Brendan (drsassafras) is the security team coordinator, and John Chishugi is the assistant-coordinator.

Team Security

Inactive members
Inactive members alain_desilets, Eric Beaurivage and Luis Fagundes are invited to reactivate membership at any time.


Last Modification: Tuesday 19 April 2022 16:14:08 GMT-0000 by Marc Laporte