Wikimedia Security Team/Security Review Planning/2024-07-03

From mediawiki.org

Minutes for the Security Team's Q1 2024 (FY24) (July to September) quarterly planning session

Date: 2024-07-03

Secscrum board: https://phabricator.wikimedia.org/tag/secscrum/

Attending: CLemoisson-WMF, MMartorana_(WMF), MStyles_(WMF), SBassett_(WMF), ACooper-WMF

Below is from the previous quarter, for now:

Completed Reviews, Previous Quarter

  1. AutoModerator - MStyles_(WMF) - T361690
  2. Network Session - ACooper-WMF - T357353
  3. IPReputation - SBassett_(WMF) - T360070
  4. CSS-Sanitizer - SBassett_(WMF) - T361956
  5. UI Service for Metrics Platform - SBassett_(WMF) - T358115
  6. Reefjs - MMartorana_(WMF) - T361961
  7. New Wordpress Plugins - MMartorana_(WMF) - T360365

Reviews That Need Follow-Up This Quarter

  1. Supply Chain Attack TM - MStyles_(WMF) - T366302
  2. Bitu Vendor Pentest - MStyles_(WMF) - T352144
  3. Fundraising Tech Pentest - MStyles_(WMF) - T362460
  4. Kartographer Pentest - MStyles_(WMF) - T362459

Accepted Reviews To Complete This Quarter

  1. Shared Login Threat Model - SBassett_(WMF) - T367995
  2. Fundraising Tech Threat Model - MStyles_(WMF) - T366950
  3. service-runner replacement - ACooper-WMF - T362774
  4. ext:PlaceNewSection (comm) - ACooper-WMF - T355161
  5. ext:MetricsPlatform - MMartorana_(WMF) - T366233
  6. ext:CommunityRequests - SBassett_(WMF) - T365525
  7. ext:Adiutor (comm) - ACooper-WMF - T355150
  8. Quarto (vendor) - ACooper-WMF - T365144
  9. LimeSurvey emoji extension (vendor) - ACooper-WMF - T366634
  10. async-profiler (vendor) - ACooper-WMF - T362563
  11. OpenTelemetry SDK (vendor) - ACooper-WMF - T367905