The Security Team is a trusted group. This team is responsible to review security reports and to proceed to a pro-active audit at each major release. Security Team members are added by vote by the Admins following recommendations of current members.

Release responsibilities

1. Review all previously reported issues on dev & sent to security list.
   1. Ask bug reporters how they would like to be acknowledged.
2. Contact all people that have helped in the past.
3. Proceed to security audit as per our release procedures.
   • run doc/devtools/securitycheck.php and check each "potentially unsafe" file.
   • Check for presence of all .htaccess files
   • Add files to robots.txt (printed pages, etc.)
4. Update security.tiki.org with sections for new version
5. Run Security DB

Members

http://tiki.org/WhoWhat#Security_Team

Ongoing responsibilities

• Keep up to date http://dev.tiki.org/Security and Security.tiki.org
• Monitor what comes in on the security mailing list, and respond accordingly. Ex.: http://secunia.com/product/3356/?task=advisories
• Proactively finds ways to make Tiki more secure
• Release security patches
• Document current security-related things
• Filtering Best Practices
• Interactions with security researchers and companies

Task

• Document how to run SecDB for people running from SVN

Alias

• SecuritySquad
• SecurityTeam
• Security Squad
• Security Group
• SecurityGroup