Vulnerability Disclosure and Discovery

Skip to first unread message

John McLear

Mar 14, 2013, 12:11:45 PM3/14/13
I'm making a concious effort to carefully put together a team to deal with Etherpad Security.

The teams scope will be to:
  1. Create a Vulnerability disclosure policy that matches the Ethos of the Foundation.
  2. Engage with security researchers and the wider community to discover security issues.
  3. Encourage site admins to be aware of and patch security issues before disclosure is complete.
  4. Relay security issues to the developer team and promote action whilst maintaining discreetness.
  5. Work with the testing team to write test specs to check for vulnerabilities
If you are interested in getting involved then please either reply here or drop me through an email and we can chat about how to proceed!
Reply all
Reply to author
0 new messages