Talk:ADempiere Security Policy
From ADempiere
Couldn't find a suitable category. --Bahman 02:11, 30 June 2007 (EDT)
Process?
It would be good to have depicted in this page the process that the security team follows after the report, i.e.:
- Confirm it
- Measure the impact
- Advise Compiere and other Compiere forks
- Advise Adempiere implementors and customers about the security hole and impact
- Release a patch or workaround for stable versions when possible
- Advise Adempiere implementors and customers about how to workaround or fix it
- After some time (not determined yet) open a public tracker and release the info to the public
CarlosRuiz 11:04, 30 June 2007 (EDT)
Proposal C?
- Proposals A and B seem to be at odds with each other.
- No abuse information in A means that info is hidden (even if it is sterilised after 10 days and with armed guards at the door).
- A 10-day delay after some internal discussions is not using the bazaar power (kiddies notwithstanding - heh! it's kiddies who formed the bazaar of the future).
- Proposal B is certainly not going to be accepted, so no use spilling a spoilt vote over it.
- A proposal C will have to involve a preventive policy where certain risks are studied and SOPs explored so that Proposal B can be amicably accepted by advocates of Proposal A. I know there is a way, because I have learnt about such things while serving Banking Institutions that end up getting hacked in millions anyway. - Red1 19:12, 4 July 2007 (EDT)
Short Story
- I cannot tell this story directly as I am governed by the Banking And Financial Institution Act (BAFIA).
- There was a senior coder I found on a certain floor of a certain bank who told me about this.
- He knows how the banks are getting hacked, and no one else in the bank believes him that it can be solved.
- He explained to me how around USD50k is lost every month by every bank but has to be written off.
- He hopes to stop the hacking with a very simple idea.
- He was transferred out under normal HR conditions, where the management, without prejudice, is unaware that he is the only one who can solve it.