Purpose of the Activity
- Identify which security documentation already exists and where
- Put everything in one place at least as a reference
- Identify gaps and fill those
- Make everything of general relevance available from RTD
Activity Register
Activity Name | Description | Owner | Created | Status (open, closed) |
---|---|---|---|---|
Meeting Notes and Current State of the Discussion:
- Meeting from 05. March 2020
- Meeting from 19. March 2020
Open Source Project Documentation Examples:
- Eclipse Jetty
  - https://www.eclipse.org/jetty/
  - Nice features
    - The Security Reports page includes a table of all known CVEs affecting Jetty and the release in which each vulnerability was fixed: https://www.eclipse.org/jetty/security-reports.html
    - Documentation contains a section on how to configure security in Jetty: https://www.eclipse.org/jetty/documentation/current/
      - Authentication and Authorization
      - Limiting Form Content
      - Aliased Files and Symbolic Links
      - Secure Password Obfuscation
      - Setting Port 80 Access for a Non-Root User
      - JAAS Support
      - SPNEGO Support
      - Session Management
      - Logging
  - Observation: Jetty is a very mature project and has put a lot of time and effort into its documentation
- Ubuntu
  - Ubuntu Release Notes
    - Lists updated packages
    - Lists security improvements
    - Lists known issues
    - Includes instructions for reporting bugs
  - Known vulnerabilities are reported on the Ubuntu Security Notices page: https://usn.ubuntu.com/
  - Ubuntu native security features are documented in the Ubuntu guides
    - Example: Ubuntu Server Guide - Chapter 7, Chapter 9 (https://help.ubuntu.com/lts/serverguide/serverguide.pdf)