Responsible disclosure mailing list
4 views
Skip to first unread message
Duncan Dickinson
Oct 18, 2012, 6:51:52 PM10/18/12
to ReDBox Developer List, ReDBox User List, The Fascinator group, Norm Lawler
Hi All,
I'm sure we'd all agree that security is an incredibly important issue when discussing web-based software. As open source systems, code for ReDBox and Mint is available for everyone to access and customise. Our goal is to provide this within a framework that helps ensure stable and secure software.
Some time ago it was decided that the ReDBox project would utilise a responsible disclosure policy for handling security issues raised in testing and by users. Details regarding this are available at http://www.redboxresearchdata.com.au/governance/responsible-disclosure-policy.
To aid us in ensuring that this policy is correctly undertaken, I will be establishing a mailing list for security announcements. As you can appreciate, this will not be an open list as the information posted to the list is of a sensitive nature.
I would ask that all sites utilising the ReDBox software nominate 1-2 people to receive security announcements from the ReDBox team. The following points should be taken into account when nominating:
- Nominations are to be sent to me via sup...@redboxresearchdata.com.au and must contain the name and email address of the nominated person
- Only organisational email addresses will be accepted (e.g. fr...@universityx.edu.au)
- Please send only 1 email per organisation - if I receive multiple emails I will need to contact you to determine who is the agreed-upon contact(s)
- Consider the use of a "managed" email address (e.g. ad...@example.edu.au) to avoid issues where people leave or are away but:
- Make sure that this account is really managed - i.e. you know who can access it.
The details you provide will not be used in any manner beyond adding the contact details to the mailing list and security register.
I ask that any security issues be flagged to sup...@redboxresearchdata.com.au for investigation and assistance. This service can be utilised by anyone implementing ReDBox and is not limited to those engaging in support contracts.
Please do not hesitate to contact me if you would like further information.
--
Cheers,
Duncan
Duncan Dickinson
QCIF Project Manager
Central Queensland University
Developer? Check out dev8D-AU at http://dev8dau.info/
Cheers,
Duncan
Duncan Dickinson
QCIF Project Manager
Central Queensland University
| My contact details: ph: 07 3138 2084 m: 0432 402 511 skype: de.dickinson | Project involvement |
Duncan Dickinson
Oct 22, 2012, 5:55:09 PM10/22/12
to ReDBox Developer List, ReDBox User List, The Fascinator group
Hi All,
Just a reminder on the email below - we've had a few responses but it'd be great to get full coverage of ReDBox sites.
Cheers,
Duncan
Reply all
Reply to author
Forward
0 new messages