Talk:ADempiere Security Policy

From ADempiere
Revision as of 16:22, 4 July 2007 by Red1 (Talk) (Proposal C?)


Couldn't find a suitable category. --Bahman 02:11, 30 June 2007 (EDT)

Process?

It would be good to have depicted on this page the process that the security team follows after a report, i.e.:

  • Confirm it
  • Measure the impact
  • Advise Compiere and other Compiere forks
  • Advise Adempiere implementors and customers about the security hole and impact
  • Release a patch or workaround for stable versions when possible
  • Advise Adempiere implementors and customers about how to workaround or fix it
  • After some time (not determined yet) open a public tracker and release the info to the public

CarlosRuiz 11:04, 30 June 2007 (EDT)

Proposal C?

  • Proposals A and B seem to be at odds with each other.
    • No abuse information in A means that the info is hidden (even if it is sterilised after 10 days and with armed guards at the door).
    • A 10-day delay after some internal discussions is not using the bazaar power (kiddies notwithstanding - heh! it's kiddies who formed the bazaar of the future).
  • Proposal B is certainly not going to be accepted, so no use spilling a spoilt vote over it.
  • A Proposal C will have to involve a preventive policy where certain risks are studied and SOPs explored so that Proposal B can be amicably accepted by advocates of Proposal A. I know there is a way, because I have learnt about such things while serving banking institutions that end up getting hacked for millions anyway. - Red1 19:12, 4 July 2007 (EDT)

Short Story

  • I cannot tell this story directly as I am governed by the Banking And Financial Institutions Act (BAFIA).
  • There was an old coder whom I found on a certain floor of a certain bank who told me this.
  • He said that he knows how the bank is getting hacked and no one else in the bank believes him.
  • I asked him to explain to me how about USD50k is lost every month by every bank but is written off.
  • He said he can stop the hacking with a very simple idea.
  • He was transferred out under normal HR conditions, unaware that he was the only one who could solve it.