Talk:ADempiere Security Policy


Couldn't find a suitable category. --Bahman 02:11, 30 June 2007 (EDT)

Process?

It would be good to have depicted in this page the process that the security team follows after a report, i.e.:

  • Confirm it
  • Measure the impact
  • Advise Compiere and other Compiere forks
  • Advise Adempiere implementors and customers about the security hole and impact
  • Release a patch or workaround for stable versions when possible
  • Advise Adempiere implementors and customers about how to work around or fix it
  • After some time (not determined yet) open a public tracker and release the info for public

CarlosRuiz 11:04, 30 June 2007 (EDT)

Proposal C?

  • Proposals A and B seem to be at odds with each other.
    • No abuse information in A means that info is hidden (even if they are sterilised after 10 days and with armed guards at the door).
    • A 10-day delay after some internal discussions is not using the bazaar power (kiddies notwithstanding - heh! it's kiddies who formed the bazaar of the future).
  • Proposal B is certainly not going to be accepted so no use spilling a spoilt vote over it.
  • A proposal C will have to involve a preventive policy where certain risks are studied and SOPs explored so that Proposal B can be amicably accepted by advocates of Proposal A. I know there is a way, because I have learnt about such things while serving Banking Institutions that end up getting hacked for millions anyway. - Red1 19:12, 4 July 2007 (EDT)

Short Story

  • I cannot tell this story directly as I am governed by the Banking And Financial Institution Act (BAFIA).
  • There was a senior coder I found on a certain floor of a certain bank who told me about this.
  • He knows how the banks are getting hacked, and no one else in the bank believes him that it can be solved.
  • He explained to me how around USD50k is lost every month by every bank but has to be written off.
  • He hopes to stop the hacking with a very simple idea.
  • He was transferred out under normal HR conditions, where the management, without prejudice, is unaware that he is the only one who can solve it.