Security Working Group
Contact Us
Slack |
---|
The Slack channel above is public. Please use our email for reporting security vulnerabilities.
What We Do
We help triage security issues and continuously improve the Open edX project’s security posture. We:
Send security issues to the right maintainer.
Tell the maintainer how important the security issue is using CVSS.
Follow up with maintainers to ensure that vulnerabilities have been patched.
Who We Are
Join Us
See Join us.
Members
Person | Organization |
---|---|
@Feanil Patel, Chair | Axim |
@Alison Langston | 2U |
@Mariagabriela Giorgianni | eduNext |
@Awais Qureshi | Arbisoft |
@Farhaan Bukhsh | OpenCraft |
@Gábor Boros | OpenCraft |
Qasim Gulzar | Arbisoft |
Volunteers & Experts
Person | Organization | Expertise |
---|---|---|
|
|
|
|
|
|
How We Work
Prefer async coordination with a synchronous meeting every 2 weeks.
Ad-hoc meeting for specific decision making encouraged.
2 week triage rotation to respond to incoming reports.
For task tracking:
General: wg-security GitHub Issues.
Repository-specific: a GitHub Issue or GitHub Security Advisory in that repo.
Where We Work
#wg-security in Slack
Security Announcements in Discourse
https://github.com/orgs/openedx/projects/45/views/1 in GitHub Issues