Posted by moshe weitzman on September 23, 2006 at 5:54pm
Notes from our session
- Documentation needed
- checklist for security reviews
- one page docs on XSS, SQL injection, db_rewrite_sql, ...
- Add link and form for submitting security review on a project.
- Only show positive reviews. Bad reviews send email to security team and owners
- Possibly show security advisories for some period of time on a project
- Add a security acknowledgement checkbox to the CVS request form. I agree and understand
- Add a security paragraph to the welcome msg refers for contrib access
- Outreach to contrib authors. Newsletter, screencasts, ...