Security Working Group

Contact Us

What We Do

We help triage security issues and continuously improve the Open edX project’s security posture. We:

• Send security issues to the right maintainer.

• Tell the maintainer how important the security issue is using CVSS.

• Follow up with maintainers to ensure that vulnerabilities have been patched.

Who We Are

Join Us

See https://openedx.atlassian.net/wiki/spaces/COMM/pages/3637018641.

Members

Volunteers & Experts

How We Work

Under Construction

• Prefer async coordination with a synchronous meeting every 2 weeks.

• Ad-hoc meeting for specific decision making encouraged.

• 2 week triage rotation to respond to incoming reports.

• For task tracking:

  • General: wg-security GitHub Issues.

  • Repository-specific: a GitHub Issue or GitHub Security Advisory in that repo.

Where We Work

• #wg-security in Slack

• Security Announcements in Discourse

• https://github.com/orgs/openedx/projects/45/views/1 in GitHub Issues

More Information

• https://openedx.atlassian.net/wiki/spaces/COMM/pages/3630923873

• https://openedx.atlassian.net/wiki/spaces/COMM/pages/3631513638

• https://openedx.atlassian.net/wiki/spaces/COMM/pages/3630858436

• Charter: https://open-edx-proposals.readthedocs.io/en/latest/processes/oep-0060-proc-sec-group.html