Wikimedia Security Team/AppSec Clinic Minutes/2023-08-21

Date: 2023-08-21

Attending: CLemoisson-WMF, MMartorana_(WMF), MStyles_(WMF), Reedy, SBassett_(WMF)

  1. MMartorana_(WMF)
    1. T144097 - Investigating potential patches.
    2. T334437 - Mark as invalid/decline, leave a follow-up. DONE
    3. T336113 - Try to find individuals via git history, etc.
    4. T338419 - Rate low risk, untag team. DONE
    5. T343664 - Triaged, looking for solutions.
  2. MStyles_(WMF)
    1. T335164 - Analysis work assigned to Maryum.
    2. T338238 - Set up AppSec CI includes for iPoid.
    3. T338611 - Check in with Releng in another week or two.
    4. T344130 - To review, possibly write patch.
  3. SBassett_(WMF)
    1. T326871 - Waiting on AHT/Thalia response.
    2. T336310 - Amir to add new group soon-ish, re-pinged.
    3. T343138 - Monitoring.
    4. T343822 - To review.

Sent to Privacy Engineering

No new tasks from the appsec clinic this week.

New Phabricator Tasks Reviewed

edit
  1. T344392 Assigned to MStyles_(WMF) for review.
  2. T344182 Assigned to MMartorana_(WMF) for review. ACCESS GRANTED, MAKE PUBLIC.
  3. T344250 Assigned to MStyles_(WMF) for review.
  4. T344359 Assigned to SBassett_(WMF) for review.
  5. T344509 Assigned to MMartorana_(WMF) for review. WAITING FOR MARK OR OP.