The Slack channel above is public. Please use our email for reporting security vulnerabilities.
We help triage security issues and continuously improve the Open edX project’s security posture. We:
Send security issues to the right maintainer.
Tell the maintainer how severe the security issue is, using a CVSS score.
Follow up with maintainers to ensure that vulnerabilities have been patched.
@Feanil Patel, Chair
Prefer async coordination with a synchronous meeting every 2 weeks.
Ad-hoc meetings for specific decision-making are encouraged.
A 2-week triage rotation to respond to incoming reports.
For task tracking:
General: wg-security GitHub Issues.
Repository-specific: a GitHub Issue or GitHub Security Advisory in that repo.
#wg-security in Slack
Security Announcements in Discourse
Project board in GitHub Issues: https://github.com/orgs/openedx/projects/45/views/1