[aerogear-dev] Security Policy on AeroGear

Bruno Oliveira bruno at abstractj.org
Fri Jul 12 09:13:23 EDT 2013


Good morning peeps.

I had a conversation with Matthias about encouraging the usage of 
SSL in the Unified Push server; after some minutes thinking, it would be 
better if we could make it not only for AGPUSH.

So here is the whole and simple idea:

- Include a Security Policy on AeroGear site.

Ex: http://emberjs.com/security/ or http://www.ovirt.org/Security (David 
Jorm pointed me to that)

I already got in touch with the security response team from Red Hat.

- Create an alias security at aerogear.org which redirects to our incident 
response team at Red Hat

- Make things crystal clear in our projects via a SECURITY.md file
Ex: https://github.com/andyet/andbang.js/blob/master/SECURITY.md

And also include recommendations to make use of SSL with HSTS.

Since it affects the whole project, your feedback is welcome.

-- 
abstractj
