Wikimedia Security Team/AppSec Clinic Minutes/2024-10-28

Date: 2024-10-28

Dashboard: https://phabricator.wikimedia.org/portal/view/3/

Attending: MStyles_(WMF), SBassett_(WMF), MMartorana_(WMF)

Previous Tasks

  1. MMartorana_(WMF)
    1. T377222 - make public
    2. T377632 - investigate existing and additional mitigations
  2. MStyles_(WMF)
    1. T367677 - float a production takedown request
    2. T376745 - requester assigned to hopefully review
  3. SBassett_(WMF)
    1. T364776 - Amir is back, Scott to try and ping him again
  4. Reedy
    1. T373933 - Seems in-progress?
    2. T375537 - processed, Reedy to be working on it?
    3. T376563 - Publish public "Rules of Engagement" for security researchers and people reporting security vulnerabilities

New Phabricator Tasks Reviewed

  1. T377855 - Moved to watching, likely to include in future supp release.
  2. T378156 - Untagged security team.
  3. T377905 - SBassett_(WMF) to review.
  4. T378157 - Untagged security team.
  5. Note: untagged security team from all of the OpenBao tasks.
  6. T378349 - Untagged security team.
  7. T378359 - Assigned to MMartorana_(WMF) for review.
  8. T378364 - Currently watching, but no direct ask of the security team.