[Announcements] Sakai Security Policy
Anthony Whyte
arwhyte at umich.edu
Tue Apr 7 12:14:50 PDT 2009
I'd like to remind all Sakai list participants that should you ever
uncover what you believe to be a security vulnerability in Sakai
software that you refrain from voicing your concerns on any public
listserv, blog or other open communication channel. Instead please
notify the Sakai Foundation immediately at the following email address:
security at sakaifoundation.org
Please describe the issue you have encountered and include a callback
telephone number so that we can contact you by telephone if it is
deemed necessary. Second, if you have a Jira account and choose to
file a Jira bug report on a possible security vulnerability please be
sure to flag it as a security issue by selecting "security issue"
from the security level dropdown as well as clicking the security
issue filter flag. Your concerns will be addressed by the Sakai
Community's Security Working Group (WG).
Bear in mind that the integrity and security of existing Sakai
installations can be compromised by the premature public disclosure
of security threats. Voicing specific security concerns in public
should be avoided at all times.
SAKAI SECURITY CONTACTS
The Sakai Foundation encourages institutions and organizations that
adopt Sakai software to consider contacting the Foundation and
providing the name(s) and contact details of one or more individuals
to serve as security contacts. Security contact information should be
emailed to security at sakaifoundation.org.
Sakai security contacts receive security alerts via private channels
in order to allow them time to patch their Sakai installation ahead
of any public disclosure. Designated security contacts are also
provided access rights to view, comment and address issues flagged as
security items in Sakai's JIRA issue tracking application. We do not
grant access to these JIRA items lightly and we verify the identity
and role of each person who is designated as a security contact.
SAKAI SECURITY POLICY DOCUMENT
The Sakai Community's security policy is more fully described in the
attached document, Sakai Security Policy (version 3.1), a minor
revision of version 3.0, originally released on 11 April 2007.
Please review the document.
The Sakai Security Policy document is available on the web at
http://www.sakaiproject.org/portal/site/sakai-home/page/
d0a38582-64a1-4095-bde0-f78d7d1dbb25
The policy doc can also be downloaded from
http://confluence.sakaiproject.org/confluence/display/DOC/Documentation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sakai-security-policy-v3dot1.pdf
Type: application/pdf
Size: 76855 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/announcements/attachments/20090407/5823f0de/attachment-0001.pdf
-------------- next part --------------
Regards,
Anthony Whyte
Sakai Security Liaison and Security WG member
Sakai Foundation / University of Michigan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2417 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/announcements/attachments/20090407/5823f0de/attachment-0001.bin
More information about the announcements
mailing list