Wikimedia Security Team/Security Review Planning/2024-01-09
Minutes for the Security Team's Q3 2023 (FY24) (January to March) quarterly planning session
Date: 2024-01-09
Secscrum board: https://phabricator.wikimedia.org/tag/secscrum/
Attending: CLemoisson-WMF, MMartorana_(WMF), MStyles_(WMF), SBassett_(WMF)
Below is from the previous quarter, for now:
Completed Reviews, Previous Quarter
- Wikipedia ChatGPT - MStyles_(WMF) - T344853#9410749 - Resolving for now, plugin to be retired soon.
- FundraiseUp Vendor Products - MMartorana_(WMF) - T347104#9249277 - Andy C decided to resolve this as a medium risk, owned by Greg G and Fundraising Tech, within the AppSec Risk Register.
- Extension:WikimediaCampaignEvents - MMartorana_(WMF) - T350900#9423738 - Resolved as low risk.
- mck89/peast Vendor Package - SBassett_(WMF) - T347922#9419070 - Resolved as low risk.
- endroid/qr-code PHP library - MStyles_(WMF) - T339389#9201290 - Resolved as low risk, from the previous quarter.
- Extension:SpamRegex - MMartorana_(WMF) - T241451#8982475 - Resolved as low risk, from the previous quarter.
Reviews That Need Follow-Up This Quarter
- Comms WordPress plugins - MMartorana_(WMF) - T335004 - Needs follow-up; otherwise it will go into the risk register as a medium risk.
Updates Made For Other Review Tasks
- None.
Accepted Reviews To Complete This Quarter
- MathJax - MMartorana_(WMF) - T354136
- Matomo and related code - MStyles_(WMF) - T351657
- Extension:ReportIncident - SBassett_(WMF) - T350253
- Extension:CommunityConfiguration - MMartorana_(WMF) - T349568
- Floating UI - SBassett_(WMF) - T349569