
Task Teams » Security Task Team

Summary: Handle security alerts and their follow-up
Team lead: PeterThoeny
Participants: HideyoImazu, SopanShewale
Status: Active

Contacting the team

If you think you have discovered a security vulnerability, please email the security team's TWikiSecurityMailingList at twiki-security@lists.sourceforge.net. They will analyse the vulnerability and get back to you as soon as possible. Read also the TWikiSecurityAlertProcess.

  • NOTE: You don't need to subscribe to the twiki-security list! Only the SecurityTeam is on this list, but anyone can email the team through the twiki-security email address. Please subscribe to the TWikiAnnounceMailingList to get notified of security alerts.

Please do not post a BugReport. Once the team has analysed the problem, a less serious report may be dealt with via a BugReport, but a critical fix must be distributed to TWiki site administrators before the issue is publicised as a BugReport and in security advisories.

Tasks on being notified of a vulnerability

  • The security team will act as follows:
    1. Attempt to discuss triage (i.e. prioritise alert action), but if necessary act alone
    2. Ensure security alerts are distributed as soon as possible, but within the documented timeframe of the TWikiSecurityAlertProcess, to give admins the chance to temporarily filter or take down vulnerable sites
    3. If possible, untar/fix/retar the offered downloadable distribution, so admins can get sites up again fast
    4. Ensure the proper fixing of the SVN versions (organise the fix, not do it)
    5. Coordinate and release emergency patch releases, as required
    6. Coordinate with security advisory agencies

Additional Responsibilities

Rights

  • The Security Team has the right to represent the TWiki community on all matters related to security, without reference to the rest of the community.
  • The Security Team has the right to override all other decision-making processes in the event of security-related issues
  • The SecurityTeamSupportGroup has volunteered to act under the direction of the Security Team as and when required
  • The Security Team has the right to be recognised for their work in TWiki releases, on the twiki.org site, and in press communications

Team members

See also: TWikiSecurityMailingList, TWikiSecurityAlerts, TWikiSecurityAlertProcess, TWikiSecurityAlertEmail

-- Contributors: CrawfordCurrie, RichardDonkin, SamHasler, PeterThoeny

Discussion and Feedback

I archived old discussions, accessible in rev 24.

-- PeterThoeny - 2010-09-24

TaskTeamForm

Title: Security Task Team
Summary: Handle security alerts and their follow-up
Team lead: PeterThoeny
Participants: HideyoImazu, SopanShewale
Charter Date: 2008-10-27
Status: Active
RelatedTopics:

Topic revision: r28 - 2012-12-11 - PeterThoeny
 
Copyright © 1999-2016 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.