+1 on HTTP Strict Transport Security (HSTS)


On Fri, Jul 12, 2013 at 3:32 PM, Matthias Wessendorf <matzew@apache.org> wrote:
Sounds like a good idea, to have an overall "Security Policy"


Also +1 on HTTP Strict Transport Security (HSTS)


On Fri, Jul 12, 2013 at 3:13 PM, Bruno Oliveira <bruno@abstractj.org> wrote:
Good morning peeps.

I had some conversation with Matthias about encouraging the usage of
SSL in the Unified Push server; after some minutes of thinking, it would be
better if we could make it not only for AGPUSH.

So here is the whole and simple idea:

- Include a Security Policy on AeroGear site.

Ex: http://emberjs.com/security/ or http://www.ovirt.org/Security (David
Jorm pointed me to that)

I already got in touch with the security response team from Red Hat

- Create an alias security@aerogear.org which redirects to our incident
response team on Red Hat

- Make things crystal clear in our projects via a SECURITY.md file
Ex: https://github.com/andyet/andbang.js/blob/master/SECURITY.md

And also include recommendations to make use of SSL with HSTS.

Since it affects the whole project, your feedback is welcome.

--
abstractj

_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev



--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf



--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
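The thread recommends serving AeroGear services over SSL with HSTS. The following is an added example, not code from this thread or from the AeroGear project: a small parser and checker for the Strict-Transport-Security header as defined in RFC 6797, usable in a test suite or a deployment check to confirm that a server actually emits a policy browsers will honour. The sample responses in it are constructed; the one-year max-age floor is a common recommendation, not a requirement of the RFC.

```python
"""Parse and assess a Strict-Transport-Security (HSTS) response header.

Added example for this thread, not AeroGear project code. The sample
responses at the bottom are constructed, not captured from a real server.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One year in seconds: a commonly recommended floor for max-age (assumption,
# not mandated by RFC 6797).
RECOMMENDED_MIN_MAX_AGE = 31536000


@dataclass
class HstsPolicy:
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool


def parse_hsts(header_value: str) -> HstsPolicy:
    """Parse the directives of an HSTS header value (RFC 6797 section 6.1).

    Directive names are case-insensitive; max-age is required and must be a
    non-negative integer (optionally quoted). Unknown directives are ignored,
    as the RFC instructs user agents to do.
    """
    max_age = None
    include_subdomains = False
    preload = False
    for raw in header_value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not re.fullmatch(r"\d+", value):
                raise ValueError(f"invalid max-age value: {value!r}")
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        raise ValueError("HSTS header lacks the required max-age directive")
    return HstsPolicy(max_age, include_subdomains, preload)


def assess_response(headers: Dict[str, str], over_tls: bool) -> List[str]:
    """Return findings about a response's HSTS posture.

    `headers` maps lower-cased header names to values. An empty list means the
    response carries a policy that browsers will enforce and that meets the
    recommended floor.
    """
    findings: List[str] = []
    value = headers.get("strict-transport-security")
    if value is None:
        findings.append("no Strict-Transport-Security header")
        return findings
    if not over_tls:
        # RFC 6797 section 8.1: a UA ignores the header on an insecure response.
        findings.append("HSTS header sent over plain HTTP is ignored by browsers")
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        findings.append(f"unparseable HSTS header: {exc}")
        return findings
    if policy.max_age == 0:
        findings.append("max-age=0 removes the policy rather than enforcing it")
    elif policy.max_age < RECOMMENDED_MIN_MAX_AGE:
        findings.append(f"max-age {policy.max_age} is below one year")
    if not policy.include_subdomains:
        findings.append("includeSubDomains not set; subdomains stay unprotected")
    return findings


if __name__ == "__main__":
    # Constructed sample responses keyed by a label.
    samples = {
        "good": ({"strict-transport-security":
                  "max-age=31536000; includeSubDomains"}, True),
        "short": ({"strict-transport-security": "max-age=300"}, True),
        "plain-http": ({"strict-transport-security": "max-age=0"}, False),
        "missing": ({}, True),
    }
    for label, (hdrs, tls) in samples.items():
        print(label, assess_response(hdrs, tls) or ["ok"])
```

Run against a real deployment by filling `headers` from the response of an HTTPS request and setting `over_tls` from the scheme used; the findings list is the thing to assert on in CI.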