FOR ARCHIVAL PURPOSES ONLY

The information in this wiki hasn't been maintained for a good while. Some of the projects described have since been deprecated.

In particular, the "Ushahidi Platform v3.x" section contains information that is often misleading. Many details about this version of Platform have changed since.

This website is an extraction of the original Ushahidi wiki into a static form. Because of that, functions like logging in, commenting or searching will not work.

For more documentation, please refer to https://docs.ushahidi.com

OWASP Portland and Ushahidi are planning a Security event for July. These are our preparation notes.

Meeting: June 6, 2012. Attended by Will Cloutier (Mozilla), Robbie Mackay (Ushahidi) and Heather Leson (Ushahidi).

Event purpose:

Ushahidi has set up a Security Working Group in partnership with Mozilla and OWASP. The event will include code review, pen testing and recommendations for security patches. Ushahidi's team is committed to learning from the OWASP community. We will action the fixes in one major software release.

Next steps

  1. June 11 - OWASP PDX meets, confirms date for event and advises on format (to include virtual or only local)
  2. July 1 - noon PDT - Confirmed (Robbie to advise on availability)
  3. July followup - OWASP PDX to meet with Ushahidi team during OSCON

Resources/To Do

  • Technical set-up (Evan of Ushahidi to do VM setup)
  • Ushahidi 101 (Heather to provide Will with docs on "What is Ushahidi": slide deck, video)
  • All to review current state of security.ushahidi.com

What can we do to resolve versions:

  • Ushahidi has an auto-upgrader for versions from 2.2. There are older, less secure versions. A project is required to communicate with deployers and assist them in patching old versions.
  • Ushahidi to determine lifespan for old versions? (i.e. backport security patches)
  • Do a communications plan - project upgrade - match, keep communicating over time (expiry dates)
  • Create a wiki page per version on what was updated (release notes) with a NOTE advising to upgrade to the latest version
  • Example: WordPress - 5-minute install and a popup message
  • Example 2: Bugzilla - regular releases, email people if there is an issue. Sometimes they will backport security