[Announcements] Sakai Security Policy

Anthony Whyte arwhyte at umich.edu
Tue Apr 7 12:14:50 PDT 2009 

I'd like to remind all Sakai list participants that should you ever  
uncover what you believe to be a security vulnerability in Sakai  
software that you refrain from voicing your concerns on any public  
listserv, blog or other open communication channel.  Instead please  
notify the Sakai Foundation immediately at the following email address:

  security at sakaifoundation.org

Please describe the issue you have encountered and include a callback  
telephone number so that we can contact you by telephone if it is  
deemed necessary.  Second, if you have a Jira account and choose to  
file a Jira bug report on a possible security vulnerability please be  
sure to flag it as a security issue by selecting "security issue"  
from the security level dropdown as well as clicking the security  
issue filter flag.  Your concerns will be addressed by the Sakai  
Community's Security Working Group (WG).

Bear in mind that the integrity and security of existing Sakai  
installations can be compromised by the premature public disclosure  
of security threats.  Voicing specific security concerns in public  
should be avoided at all times.


SAKAI SECURITY CONTACTS

The Sakai Foundation encourages institutions and organizations that  
adopt Sakai software to consider contacting the Foundation and  
providing the name(s) and contact details of one or more individuals  
to serve as security contacts. Security contact information should be  
emailed to security at sakaifoundation.org.

Sakai security contacts receive security alerts via private channels  
in order to allow them time to patch their Sakai installation ahead  
of any public disclosure. Designated security contacts are also  
provided access rights to view, comment and address issues flagged as  
security items in Sakai's JIRA issue tracking application.  We do not  
grant access to these JIRA items lightly and we verify the identity  
and role of each person who is designated as a security contact.


SAKAI SECURITY POLICY DOCUMENT

The Sakai Community's security policy is more fully described in the  
attached document, Sakai Security Policy (version 3.1), a minor  
revision of version 3.0, originally released on 11 April 2007.   
Please review the document.

The Sakai Security Policy document is available on the web at

http://www.sakaiproject.org/portal/site/sakai-home/page/ 
d0a38582-64a1-4095-bde0-f78d7d1dbb25

The policy doc can also be downloaded from

http://confluence.sakaiproject.org/confluence/display/DOC/Documentation



-------------- next part --------------
A non-text attachment was scrubbed...
Name: sakai-security-policy-v3dot1.pdf
Type: application/pdf
Size: 76855 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/announcements/attachments/20090407/5823f0de/attachment-0001.pdf 
-------------- next part --------------




Regards,

Anthony Whyte
Sakai Security Liaison and Security WG member
Sakai Foundation / University of Michigan



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2417 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/announcements/attachments/20090407/5823f0de/attachment-0001.bin

More information about the announcements mailing list