Security Team

Added by Maik Hagenbruch about 7 years ago

Security Team - Helmut Hummel

Improving the security for TYPO3 core and TER extensions


Replies (3)

RE: Security Team - Added by Patrick Lobacher about 7 years ago

What is done during the code sprints? Code insight? Or developing software which helps to stay secure (scanner, ...).
Besides that - I think that the security team does a really great job and reacts very fast - this should be retained - so +1

RE: Security Team - Added by Marcus Krause about 7 years ago

Patrick Lobacher wrote:

What is done during the code sprints? Code insight? Or developing software which helps to stay secure (scanner, ...).

Although planning always included proactive tasks, past code sprints mainly focused on incident response for TYPO3 Core. Sometimes new features are a direct result of sprints, but they are mainly introduced to tackle reported issues (e.g. escaping API).

The last sprint took place in Stuttgart at the end of July 2012; TYPO3-CORE-SA-2012-004 is a direct result of it. In the sprint before, besides incident handling, we also checked the TYPO3.org relaunch project (DEV environment) for security issues (issues were found, reported and fixed by the respective providers).

Code sprints are a great way to find the best solution for issues in an efficient manner. (gerrit votes by core & security team) But this is something you're surely aware of and understand.

I personally hope we can focus on new features/security infrastructure in the next sprints.
But you never know what will happen until then in regards to reports.

RE: Security Team - Added by Frank Gerards about 7 years ago

I second Patrick's arguments and am surprised that this budget is quite low.
Having a nice QA in TYPO3 is one of the top arguments for customers above other Open Source CMS/software,
so if you have ideas to even improve your work I would strongly suggest you revise your budget.

There are other budgets with shop migration costs of 100.000 €, leaving me speechless, so
keep up the good work and "cry out" if you need help :).
