Security Working Group Meeting
May 4, 2012 12:00 EDT, 09:00 PDT
Attendees: Michael Coates, David Kobia and Heather Leson
Purpose:
Discuss next steps to build a security working group relationship between Ushahidi's community and OWASP. Receive guidance and make decisions.
Actions and notes:
- Michael to review Ushahidi community call recording and George Chamales's DefCon Video
- Create Security Working Group wiki page - Heather (done)
- Update Wiki with explanation on "how to report - Heather (done)
- Update Security.ushahidi.com with "how to file a security bug" and "how to reach security" - Heather to team for request (done)
- Community members who offered to join the Security Working Group to be introduced to Michael Coates, core tech team by Heather (done)
- Create security at ushahidi dot com and the Security Working Group email accounts- David (done)
- Define Security Working Group application process -team (done)
Next Steps
- Documented public process for how to submit security bugs (wiki, readme file) - Ushahidi team to do
- Security working group to handle inbound security issues, internal security discussions (communication method)
- Instructions for how someone can security test the software - have to download? test crowdmap page? blackout periods?
- David and Heather to advise Michael about the potential OWASP test day in the coming two weeks. (Due by May 7, 2012)
Additional resources: