[aerogear-dev] Security Policy on AeroGear

Matthias Wessendorf matzew at apache.org
Fri Jul 12 09:32:56 EDT 2013


Sounds like a good idea, to have an overall "Security Policy"


Also + on HTTP Strict Transport Security (HSTS)


On Fri, Jul 12, 2013 at 3:13 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Good morning peeps.
>
> I had a conversation with Matthias about encouraging the usage of
> SSL in the Unified Push server; after some minutes of thinking, it would be
> better if we could make it not only for AGPUSH.
>
> So here is the whole and simple idea:
>
> - Include a Security Policy on AeroGear site.
>
> Ex: http://emberjs.com/security/ or http://www.ovirt.org/Security (David
> Jorm pointed that out to me)
>
> I already got in touch with the security response team from Red Hat
>
> - Create an alias security at aerogear.org which redirects to our incident
> response team at Red Hat
>
> - Make things crystal clear in our projects via a SECURITY.md file
> Ex: https://github.com/andyet/andbang.js/blob/master/SECURITY.md
>
> And also include recommendations to make use of SSL with HSTS.
>
> Since it affects the whole project, your feedback is welcome.
>
> --
> abstractj



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf