<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Is this of interest? Security is one area where any negative perceptions could create a big barrier for people. It would be good to have some sort of credentials I think, <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> projects@apereo.org [mailto:projects@apereo.org] <b>On Behalf Of </b>Jim Helwig<br><b>Sent:</b> 01 July 2015 21:55<br><b>To:</b> projects@apereo.org<br><b>Subject:</b> [apereo-projects] Practices around security event handling<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Fellow Projecteers,<o:p></o:p></p><div><p class=MsoNormal>At the conference I happened to have a conversation over dinner with Misagh Moayyed about the process for handling vulnerability reports. The CAS and uPortal projects had both taken stabs recently at formalizing the processes. We approached the formalization from different angles, but I suspect our processes could end up being more similar than different. Both Misagh and I thought it would be valuable to look for a baseline common process that could be adopted by projects and customized as necessary. I suggest that perhaps a great place to start would be for a few of us to participate in a google hangout, look at what CAS, uPortal, and Sakai have to date, point out commonalities/strengths/opportunities, and take a stab at a baseline document (or identify someone to take a stab at it) that might be of use to projects across Apereo.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>If you are interested in participating in this initial work, let me know and I will doodle for an open meeting time.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>JimH<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Jim Helwig<o:p></o:p></p></div><div><p class=MsoNormal>uPortal Steering Committee Chair<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Reference Apereo examples:<o:p></o:p></p></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'><a href="https://wiki.jasig.org/display/CAS/CAS+Threat+Modeling"><span style='color:#954F72'>https://wiki.jasig.org/display/CAS/CAS+Threat+Modeling</span></a><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'><a href="https://wiki.jasig.org/display/CAS/Vulnerability+Response"><span style='color:#954F72'>https://wiki.jasig.org/display/CAS/Vulnerability+Response</span></a><o:p></o:p></span></p></div></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'><a href="https://docs.google.com/document/d/1s-xvqbeHS_EjU6EKlv8ftXgQ-R56CU0tAjuQE3SSH4s/edit?usp=sharing">https://docs.google.com/document/d/1s-xvqbeHS_EjU6EKlv8ftXgQ-R56CU0tAjuQE3SSH4s/edit?usp=sharing</a><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'><a href="https://confluence.sakaiproject.org/display/SECWG/Security+Policy">https://confluence.sakaiproject.org/display/SECWG/Security+Policy</a><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'><o:p> </o:p></span></p></div><p class=MsoNormal>-- <br>You received this message because you are subscribed to the Google Groups "Project Contacts" group.<br>To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:projects+unsubscribe@apereo.org">projects+unsubscribe@apereo.org</a>.<br>To post to this group, send email to <a href="mailto:projects@apereo.org">projects@apereo.org</a>.<br>Visit this group at <a href="http://groups.google.com/a/apereo.org/group/projects/">http://groups.google.com/a/apereo.org/group/projects/</a>.<o:p></o:p></p></div></body></html>