Wikimedia Security Team/AppSec Clinic Minutes/2024-12-09

Date: 2024-12-09

Dashboard: https://phabricator.wikimedia.org/portal/view/3/

Attending: SBassett_(WMF), MMartorana_(WMF), MStyles_(WMF), JLy-WMF

1. MMartorana_(WMF)
   1. T380014 - Jimmy onboarding, stat kerberos then done
   2. T381033 - Still investigating
2. MStyles_(WMF)
   1. T367677 - 3D upgrade, waiting on reviewers
3. SBassett_(WMF)
   1. T364776 - waiting, possibly investigate self based upon Aaron's advice
   2. T380322 - rated low-risk, possibly remove
4. JLy-WMF
5. ACooper-WMF
6. Reedy
   1. T373933 - Seems in-progress?
   2. T375537 - processed, Reedy to be working on it?
   3. T376563 - Publish public "Rules of Engagement" for security researchers and people reporting security vulnerabilities
   4. T379176 - moved to watching, assigned to Reedy

1. T381753 - Assigned to MMartorana_(WMF), untag, recommend pushing to gerrit, add to supplemental
2. T380392 - Untagged, suggested contacting Legal
3. T381430 - Assigned to MStyles_(WMF)
4. T381442 - Follow task
5. T381462 - Assigned to SBassett_(WMF)
6. T381522 - Assigned to MMartorana_(WMF)
7. T381617 - Assigned to SBassett_(WMF)
8. T381625 - Assigned to JLy-WMF for review
9. T381769 - Assigned to MStyles_(WMF) for triage

1. JLy-WMF suggested we use this meeting to try to address items from the #Security backlog. This was agreed to be a good idea, so next week we will start to triage 3 to 5 old #Security items with the primary goal of declining/invalidating them (likely many could be), merging to newer, similar tasks or triaging/trying to find ownership if they are still relevant. This process will be created and documented at the next AppSec clinic.