Wikimedia Security Team/AppSec Clinic Minutes/2023-07-06

Date: 2023-07-06

Attending: CLemoisson-WMF, MStyles_(WMF), SBassett_(WMF)

Phabricator Tasks In Progress

  1. MMartorana_(WMF)
    1. T144097 - Investigating potential patches.
    2. T334437 - Working on a patch.
    3. T336113 - To triage, maybe write patch.
    4. T337695 - Waiting on legal to confirm email addr.
    5. T338034 - Item 2 resolved.
    6. T338419 - AHaT tagged and still working on this.
    7. T339016 - Tracked to next sup sec release. Can be removed.
    8. T340200 - Deployed. Can probably be removed.
  2. MStyles_(WMF)
    1. T335164 - Analysis work assigned to Maryum.
    2. T338238 - Set up AppSec CI includes for iPoid.
    3. T338611 - Offer guidance if necessary.
    4. T339393 - To analyze.
    5. T340221 - To follow up.
  3. Reedy_(WMF)
    1. T333722 - Decom channel soon.
    2. T318825 - Assigned for follow-up.
    3. T321092 - Assigned for follow-up.
    4. T330086 - Done, add reporter to secteam HoF.
    5. T335204 - Assigned to Reedy_(WMF) for review.
    6. T335288 - Assigned to Reedy_(WMF) for review.
    7. T338094 - Reedy_(WMF) triaged, assigned to Kosta H.
    8. T337949 - Assigned to Reedy_(WMF) for review.
    9. T338104 - Assigned to Reedy_(WMF) for review.
    10. T338105 - Assigned to Reedy_(WMF) for review.
  4. SBassett_(WMF)
    1. T326871 - Waiting on AHT/Thalia response.
    2. T336310 - Waiting on Trusa for naming guidance.
    3. T339260 - CR proposed security patch.
    4. T340201 - SBassett_(WMF) to analyze.
    5. T340217 - To include in forthcoming Vector 2022 review.
    6. T340220 - To include in forthcoming Vector 2022 review.

Sent to Privacy Engineering

New Phabricator Tasks Reviewed

  1. T340200 - MStyles_(WMF) to analyze.
  2. T340572 - MStyles_(WMF) to analyze, blocked on NDA.
  3. T340645 - SBassett_(WMF) to analyze.
  4. T340833 - MStyles_(WMF) to analyze.
  5. T340834 - SBassett_(WMF) to analyze.
  6. T340835 - MStyles_(WMF) to analyze.
  7. T341141 - SBassett_(WMF) to analyze.