Security Working Group

Contact Us

The Slack channel above is public. Please use our email for reporting security vulnerabilities.

What We Do

We help triage security issues and continuously improve the Open edX project’s security posture. We:

  • Send security issues to the right maintainer.

  • Tell the maintainer how important the security issue is using CVSS.

  • Follow up with maintainers to ensure that vulnerabilities have been patched.

Who We Are

Join Us

See Join us.

Members

Person | Organization
@Feanil Patel, Chair | Axim
@Alison Langston | 2U
@Mariagabriela Giorgianni | eduNext
@Awais Qureshi | Arbisoft
@Farhaan Bukhsh | OpenCraft
@Gábor Boros | OpenCraft
Qasim Gulzar | Arbisoft

Volunteers & Experts

Person | Organization | Expertise

How We Work

  • Prefer async coordination with a synchronous meeting every 2 weeks.

  • Ad-hoc meetings for specific decision-making are encouraged.

  • 2-week triage rotation to respond to incoming reports.

  • For task tracking:

    • General: wg-security GitHub Issues.

    • Repository-specific: a GitHub Issue or GitHub Security Advisory in that repo.

Where We Work

More Information