fineract-dev mailing list archives

From Ed Cable <>
Subject Discussion on Addressing Security portion of Maturity Evaluation
Date Thu, 12 Jan 2017 19:25:10 GMT

I wanted to separate out this thread to further discuss the feedback you
gave. Could you please expand a bit on what wiki recommendations we should
have in place? We are more extensively documenting our release policy so we
can transparently execute a patch at the drop of a hat.


> *QU30: The project provides a well-documented channel to report security
> issues, along with a documented way of responding to them.*
> Currently we just link to: Are we able to
> do as other projects at or is
> a private channel not something we can set up till we're out of
> incubation. If we can move forward, I'd suggest we have a security page
> on our site, document and fix known vulnerabilities and then provide clear
> instruction on reporting vulnerabilities to a private channel like

This is less about security@fineract vs.
and more about the community being ready for when the first 0 day
hits either of those. Being ready is a combination of tribal knowledge,
wiki recommendations and a release policy that would allow you to patch
at a drop of a hat.

*Ed Cable*
Director of Community Programs, Mifos Initiative | Skype: edcable | Mobile: +1.484.477.8649

*Collectively Creating a World of 3 Billion Maries | *