Security Task Team
Contacting the team
If you think you have discovered a security vulnerability, please email the security team's TWikiSecurityMailingList at twiki-security@lists.sourceforge.net. They will analyse the vulnerability and get back to you as soon as possible. Read also the TWikiSecurityAlertProcess.
- NOTE: You don't need to subscribe to the twiki-security list! Only the SecurityTeam is on this list, but anyone can email the team through the twiki-security email address. Please subscribe to the TWikiAnnounceMailingList to get notified of security alerts.
Please do not post a BugReport. Once the team has analysed the problem, a less serious report may be dealt with via a BugReport, but a critical fix must be distributed to TWiki site administrators before the issue is publicised as a BugReport and in security advisories.
Tasks on being notified of a vulnerability
The security team will act as follows:
- Attempt to discuss triage (i.e. prioritise alert action), but act alone if necessary
- Ensure security alerts are distributed as soon as possible, but within the documented timeframe of the TWikiSecurityAlertProcess, to give admins the chance to temporarily filter or take down vulnerable sites
- If possible, untar/fix/retar the offered downloadable distribution, so admins can get sites up again fast
- Ensure the proper fixing of the SVN versions (organise it, not do it)
- Coordinate and release emergency patch releases, as required
- Coordinate with security advisory agencies
Additional Responsibilities
Rights
- The Security Team has the right to represent the TWiki community on all matters related to security, without reference to the rest of the community.
- The Security Team has the right to override all other decision-making processes in the event of security-related issues.
- The SecurityTeamSupportGroup has volunteered to act under the direction of the Security Team as and when required.
- The Security Team has the right to be recognised for their work in TWiki releases, on the twiki.org site, and in press communications.
Team members
See also: TWikiSecurityMailingList, TWikiSecurityAlerts, TWikiSecurityAlertProcess, TWikiSecurityAlertEmail

-- Contributors: CrawfordCurrie, RichardDonkin, SamHasler, PeterThoeny
Discussion and Feedback
I archived old discussions, accessible in rev 24.

-- PeterThoeny - 2010-09-24