openwhisk-dev mailing list archives

From "Matt Rutkowski" <mrutk...@us.ibm.com>
Subject Added a "Security" page to website with simple, OW-specific instructions for vuln. reporting
Date Wed, 20 Mar 2019 16:54:18 GMT
While filling out the Maturity Model, I noted that several questions were 
asked around our community's seriousness in addressing user security 
issues/reporting.  However, our website (footer) had a "security" link 
that simply sent you to a general Apache site which has you contact the 
"Apache security team" which really has no ties (or even process) to 
connect it back to the OpenWhisk (or any Incubator) project.

I found a nicer approach taken by a recently grad. project which I liked 
which was to provide a more personal page from our website to display on 
clicking the "security" link on any footer.  It instructs the user to 
submit suspected vuln. issues directly to the PMC private email list 
(which is the desired process) and hopefully gets the immediate attention 
of our PMC whose members can quickly investigate and instigate the 
internal Apache processes as needed. 

Priti kindly reviewed/merged the new page for me and you can find it here:
https://openwhisk.apache.org/security.html

Please comment if you feel anything needs to be added, but this actually 
is complete and succinct IMO.

Kind regards,
Matt

