Child pages
  • Boilerplate Security Contacts disclosure

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
If you are receiving this email it means that you are on the Sakai security contacts list. The list is maintained by the Sakai Security Working Group (aka Security WG). Please contact the Security WG at security@sakaifoundation.org if you should be removed from this list. Only authorized individuals are permitted on this list. OurPlease securitysee policyour isSecurity availablePolicy publicly at .....
The Sakai security contacts list receive security alerts to allow time to patch their Sakai installation ahead of any public disclosure. Designated security contacts are also provided access rights to view, comment and address issues flagged as security items in Sakai's JIRA issue tracking application.
Why is it important to pay attention to this information and follow the guidelines?
  • The integrity and security of existing Sakai installations can be compromised by the premature public disclosure of security threats.
  • As an enterprise system, we have an obligation to behave responsibly and minimize the risks to institutions using the software.
  • As a community, we have a responsibility to each other, our students, our faculty, our researchers and administrators to provide as safe an environment as possible.
What to do if you are notified of a security issue through this list:
  • Read the security notice carefully
  • Check the relevant Jira's. The Jira ids will be provided. If you do not have access, contact the Security WG.
  • If you need additional clarification, post your question on the Jira in the Comments.
  • Apply the fixes as soon as possible.
  • Do ask questions on the Jira or to the Security WG. Do not post questions or information on any other web site, forum, email group, social network, or any other public communications forum. Please only notify the people at your institution and who help manage your Sakai system on a need-to-know basis

What to do if you find what you believe to be a security vulnerability in Sakai:

  • Please notify the Security WG immediately. Describe the issue in detail. There is no such thing as too much information. Please include your telephone number in case we deem it necessary to contact you this wayother than by email.
  • Please do not take any other action and refrain from voicing your concerns on any public listserv, blog or other communication channel.
  • We will get back with you as soon as possible with any further information or instructions.

Filing a Jira:

  • If you file a Jira issue, please make sure to flag it as a security issue by selecting "Security Issue" from the security level drop down as well as clicking the security issue filter flag. 
Why is this important?
* The integrity and security of existing Sakai installations can be compromised by the premature public disclosure of security threats. 
  • The goal is to do our best as a community to protect each other, with the caveat that the community is only able to support two releases at a time.