Wikimedia Security Team/AppSec Clinic Minutes/2023-07-06

Date: 2023-07-06

Attending: CLemoisson-WMF, MStyles_(WMF), SBassett_(WMF)

Phabricator Tasks In Progress

edit
  1. MMartorana_(WMF)
    1. T144097 - Investigating potential patches.
    2. T334437 - Working on a patch.
    3. T336113 - To triage, maybe write patch.
    4. T337695 - Waiting on legal to confirm email addr.
    5. T338034 - Item 2 resolved.
    6. T338419 - AHaT tagged and still working on this.
    7. T339016 - Tracked to next sup sec release. Can be removed.
    8. T340200 - Deployed. Can be probably removed.
  2. MStyles_(WMF)
    1. T335164 - Analysis work assigned to Maryum.
    2. T338238 - Set up AppSec CI includes for iPoid.
    3. T338611 - Offer guidance if necessary.
    4. T339393 - To analyze.
    5. T340221 - To follow up.
  3. Reedy_(WMF)
    1. T333722 - Decom channel soon.
    2. T318825 - Assigned for follow-up.
    3. T321092 - Assigned for follow-up.
    4. T330086 - Done, add reporter to secteam HoF.
    5. T335204 - Assigned to Reedy_(WMF) for review.
    6. T335288 - Assigned to Reedy_(WMF) for review.
    7. T338094 - Reedy_(WMF) triaged, assigned to Kosta H.
    8. T337949 - Assigned to Reedy_(WMF) for review.
    9. T338104 - Assigned to Reedy_(WMF) for review.
    10. T338105 - Assigned to Reedy_(WMF) for review.
  4. SBassett_(WMF)
    1. T326871 - Waiting on AHT/Thalia response.
    2. T336310 - Waiting on Trusa for naming guidance.
    3. T339260 - CR proposed security patch.
    4. T340201 - SBassett_(WMF) to analyze.
    5. T340217 - To include in forthcoming Vector 2022 review.
    6. T340220 - To include in forthcoming Vector 2022 review.

Sent to Privacy Engineering

New Phabricator Tasks Reviewed

edit
  1. T340200 - MStyles_(WMF) to analyze.
  2. T340572 - MStyles_(WMF) to analyze, blocked on NDA.
  3. T340645 - SBassett_(WMF) to analyze.
  4. T340833 - MStyles_(WMF) to analyze.
  5. T340834 - SBassett_(WMF) to analyze.
  6. T340835 - MStyles_(WMF) to analyze.
  7. T341141 - SBassett_(WMF) to analyze.