Vulnerability Disclosure and Discovery

[John McLear]

I'm making a concious effort to carefully put together a team to deal with Etherpad Security.

The teams scope will be to:

1. Create a Vulnerability disclosure policy that matches the Ethos of the Foundation.
   
2. Engage with security researchers and the wider community to discover security issues.
   
3. Encourage site admins to be aware of and patch security issues before disclosure is complete.
   
4. Relay security issues to the developer team and promote action whilst maintaining discreetness.
5. Work with the testing team to write test specs to check for vulnerabilities

If you are interested in getting involved then please either reply here or drop me through an email and we can chat about how to proceed!