Hi all,
A fair bit has been happening this and last week. Firstly, thank you to Sam for conducting a static code analysis of the source code. We've taken those findings and put them into Monday.com and provided Antimatter with the reports so they can fix them.
We had a productive meeting today with Antimatter, Christian, myself, Zoe and Jon McCoy to go through the findings and their prioritization, and to discuss how to remediate the issues. They will be concentrating on the critical and high risk findings first. Some of the findings are low or no risk because they are not deployed to production (such as a migration SQL script, which has to do what it does but is not used by anyone but the developers pushing schema updates, which is a once-off affair).
Antimatter will work on the code this week. We will have a meeting on late Friday US time (Saturday my time) to review progress. I will review the code for changes to see if the issues have been closed from a source-code-review perspective, but once all the fixes are in, we will get it fully penetration-tested with these reports to make sure the issues are remediated effectively.
I've been in discussions with FortiGate to provide a quote for a full penetration test. They've asked for test accounts to fully scope the test, which is in progress. I will not start the test until enough of the static code analysis fixes are in place.
Once the fixes are in place and the penetration test is complete, we will proceed to go live.
thanks,
Andrew van der Stock
Distinguished Lifetime Member
Executive Director, OWASP