[Xerte-dev] FW: [apereo-projects] Practices around security event handling

Julian Tenney Julian.Tenney at nottingham.ac.uk
Thu Jul 2 09:53:01 BST 2015


Is this of interest? Security is one area where any negative perceptions could create a big barrier for people. It would be good to have some sort of credentials, I think.

From: projects at apereo.org [mailto:projects at apereo.org] On Behalf Of Jim Helwig
Sent: 01 July 2015 21:55
To: projects at apereo.org
Subject: [apereo-projects] Practices around security event handling

Fellow Projecteers,
At the conference I happened to have a conversation over dinner with Misagh Moayyed about the process for handling vulnerability reports. The CAS and uPortal projects had both taken stabs recently at formalizing the processes. We approached the formalization from different angles, but I suspect our processes could end up being more similar than different. Both Misagh and I thought it would be valuable to look for a baseline common process that could be adopted by projects and customized as necessary. I suggest that perhaps a great place to start would be for a few of us to participate in a Google Hangout, look at what CAS, uPortal, and Sakai have to date, point out commonalities/strengths/opportunities, and take a stab at a baseline document (or identify someone to take a stab at it) that might be of use to projects across Apereo.

If you are interested in participating in this initial work, let me know and I will doodle for an open meeting time.

JimH

Jim Helwig
uPortal Steering Committee Chair

Reference Apereo examples:
https://wiki.jasig.org/display/CAS/CAS+Threat+Modeling
https://wiki.jasig.org/display/CAS/Vulnerability+Response
https://docs.google.com/document/d/1s-xvqbeHS_EjU6EKlv8ftXgQ-R56CU0tAjuQE3SSH4s/edit?usp=sharing
https://confluence.sakaiproject.org/display/SECWG/Security+Policy
