Summary - Improving security of Contributed modules

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
moshe weitzman's picture
Posted by moshe weitzman on September 23, 2006 at 5:54pm

Notes from our session

  • Documentation needed
    • checklist for security reviews
    • one page docs on XSS, SQL injection, db_rewrite_sql, ...
  • Add link and form for submitting security review on a project.
    • Only show positive reviews. Bad reviews send email to security team and owners
  • Possible show security advisories for some period of time on a project
  • Add an security acknowledgement checkbox to the CVS request form. I agree and understand
  • Ad security paragraph to the welcome msg refers for contrib access
  • Outreach to contrib authors. Newsletter, screencasts, ...
Categories:

Comments

Show security advisories on projects

Posted by Robert Castelo on September 26, 2006 at 8:11pm
Robert Castelo's picture

Possible show security advisories for some period of time on a project

Would the advisories need to be added to a project manually? If so adding them should be restricted to member(s) of the security team.

Any thoughts of how long to leave advisories up for? Expiring after a year sounds good to me.

DrupalCon Brussels 2006

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

Hot content this week

See all hot content.