Child pages
  • Security Policy

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

NOTICE: If you uncover a security vulnerability in Sakai software please do not voice your concerns on any public listserv, blog or other open communication channel but instead notify the Sakai Security Working Group immediately at security@sakaifoundationsakai-security@apereo.org . Please provide a callback telephone number so that we can contact you by telephone if it is deemed necessary.

...

Security vulnerabilities in Sakai should be reported immediately to the Sakai Security WG at security@sakaifoundation sakai-security@apereo.org . When contacting the WG, please provide a callback telephone number so that we can contact you by phone if it is deemed necessary. Sakai Security WG and community developers, working with the original reporter of the vulnerability, will investigate the issue, determine versions affected, and, if necessary, develop and distribute as quickly as is possible a security update for the Sakai Community and general public.

...

The Sakai Secuirty WG encourages institutions and organizations that download and install Sakai software to consider contacting the Sakai Security WG and providing the name(s) and contact details of one or more individuals to serve as security contacts. Security contact information should be emailed to security@sakaifoundation sakai-security@apereo.org.

As noted above, Sakai security contacts receive security updates in advance of public release in order their institution or organization time to patch their Sakai installation before any Sakai security vulnerability becomes general knowledge. Designated security contacts are also provided access rights to view, comment and address issues flagged as security items in Sakai's JIRA issue tracking application. Security-related JIRA issues are hidden from public view. We do not grant access to these JIRA items lightly and we verify the identity and role of each person who is designated as a security contact.

...