Jul 26, 2023
Vision-casting: Where do we want to go in the future for proactive security work?
First-party dependency security upgrades
Third-party dependency security upgrades
Maga is working on creating a process in BTR for Django
XSS linting on edx-platform
What are the top possible improvements?
Django security linters
Security checks before PR merge
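As an added illustration of the kind of pre-merge check the "XSS linting" and "Django security linters" items refer to, the following is a small template linter written for this page. It is not edx-platform's own xsslint or any other project's code; the template text, the file names and the rule names are constructed for the example. It walks Django templates line by line and flags the three constructs that most often disable Django's autoescaping defence: `{% autoescape off %}` blocks, the `|safe` / `|safeseq` filters, and a `{{ ... }}` variable rendered inside a `<script>` element without `|escapejs`. `pre_merge_gate` returns the total finding count so a CI job can fail the merge on a non-zero result.

```python
import re
import sys
from typing import Dict, List, Tuple

# Constructed sample templates for the example (not taken from edx-platform).
UNSAFE_TEMPLATE = """\
{% autoescape off %}
<p>{{ user.bio }}</p>
{% endautoescape %}
<p>{{ comment.body|safe }}</p>
<p>{{ comment.body|escape }}</p>
<script>var name = "{{ user.name }}";</script>
<a href="{{ link }}">profile</a>
"""

CLEAN_TEMPLATE = """\
<p>{{ user.bio }}</p>
<p>{{ comment.body }}</p>
<script>var name = "{{ user.name|escapejs }}";</script>
"""

# Tokens we care about, matched left to right so that script open/close
# state is correct even when several appear on one line.
TOKEN = re.compile(
    r"(?P<open><script\b[^>]*>)|(?P<close></script\s*>)|(?P<var>\{\{.*?\}\})",
    re.IGNORECASE,
)
AUTOESCAPE_OFF = re.compile(r"\{%\s*autoescape\s+off\s*%\}")
SAFE_FILTER = re.compile(r"\|\s*safe(seq)?\b")      # |safe or |safeseq
ESCAPEJS = re.compile(r"\|\s*escapejs\b")

Finding = Tuple[int, str, str]  # (line number, rule id, offending text)


def lint_template(source: str) -> List[Finding]:
    """Return findings for one Django template, in source order."""
    findings: List[Finding] = []
    in_script = False
    for lineno, line in enumerate(source.splitlines(), start=1):
        if AUTOESCAPE_OFF.search(line):
            findings.append((lineno, "autoescape-off", line.strip()))
        for m in TOKEN.finditer(line):
            if m.group("open"):
                in_script = True
            elif m.group("close"):
                in_script = False
            else:
                tag = m.group("var")
                if SAFE_FILTER.search(tag):
                    # |safe marks untrusted data as trusted HTML.
                    findings.append((lineno, "safe-filter", tag))
                if in_script and not ESCAPEJS.search(tag):
                    # HTML escaping does not make a value safe inside JS;
                    # |escapejs (or better, the json_script tag) is needed.
                    findings.append((lineno, "unescaped-in-script", tag))
    return findings


def pre_merge_gate(templates: Dict[str, str]) -> int:
    """Lint every changed template; returns the total finding count (0 = pass)."""
    total = 0
    for path, source in templates.items():
        for lineno, rule, text in lint_template(source):
            print(f"{path}:{lineno}: {rule}: {text}")
            total += 1
    return total


if __name__ == "__main__":
    # Simulates a CI step over the files touched by a PR (constructed names).
    changed = {"templates/profile.html": UNSAFE_TEMPLATE,
               "templates/comment.html": CLEAN_TEMPLATE}
    sys.exit(1 if pre_merge_gate(changed) else 0)
```

A real gate would read the templates from the PR's changed files and would also need an allow-list mechanism, since there are legitimate uses of `|safe` on content that was sanitised server-side; the point of the check is to make each such use a deliberate, reviewable decision rather than an accident.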
How to deal with new reports that are duplicates of edX’s SWG backlog?
There’s a lot of value in keeping GHSA creation limited to actionable items to reduce noise.
It might be good to create a “common reports & responses” section in our private Confluence pages to make triage more efficient.
Third-party intermediaries (middlemen) reporting on behalf of security researchers
Let’s experiment with it by responding to their email using our normal responses.