Wikimedia Security Team/Security Review Planning/2024-07-03
Minutes for the Security Team's Q1 2024 (FY24) (July to September) quarterly planning session
Date: 2024-07-03
Secscrum board: https://phabricator.wikimedia.org/tag/secscrum/
Attending: CLemoisson-WMF, MMartorana_(WMF), MStyles_(WMF), SBassett_(WMF), ACooper-WMF
Below is from previous quarter, for now:
Completed Reviews, Previous Quarter
- AutoModerator - MStyles_(WMF) - T361690
- Network Session - ACooper-WMF - T357353
- IPReputation - SBassett_(WMF) - T360070
- CSS-Sanitizer - SBassett_(WMF) - T361956
- UI Service for Metrics Platform - SBassett_(WMF) - T358115
- Reefjs - MMartorana_(WMF) - T361961
- New Wordpress Plugins - MMartorana_(WMF) - T360365
Reviews That Need Follow-Up This Quarter
- Supply Chain Attack TM - MStyles_(WMF) - T366302
- Bitu Vendor Pentest - MStyles_(WMF) - T352144
- Fundraising Tech Pentest - MStyles_(WMF) - T362460
- Kartographer Pentest - MStyles_(WMF) - T362459
Accepted Reviews To Complete This Quarter
- Shared Login Threat Model - SBassett_(WMF) - T367995
- Fundraising Tech Threat Model - MStyles_(WMF) - T366950
- service-runner replacement - ACooper-WMF - T362774
- ext:PlaceNewSection (comm) - ACooper-WMF - T355161
- ext:MetricsPlatform - MMartorana_(WMF) - T366233
- ext:CommunityRequests - SBassett_(WMF) - T365525
- ext:Adiutor (comm) - ACooper-WMF - T355150
- Quarto (vendor) - ACooper-WMF - T365144
- LimeSurvey emoji extension (vendor) - ACooper-WMF - T366634
- async-profiler (vendor) - ACooper-WMF - T362563
- OpenTelemtry SDK (vendor) - ACooper-WMF - T367905