+1 on HTTP Strict Transport Security (HSTS)
On Fri, Jul 12, 2013 at 3:32 PM, Matthias Wessendorf <matzew(a)apache.org> wrote:
Sounds like a good idea, to have an overall "Security Policy"
Also + on HTTP Strict Transport Security (HSTS)
On Fri, Jul 12, 2013 at 3:13 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
> Good morning peeps.
>
> I had some conversation with Matthias about encouraging the usage of
> SSL in the Unified Push server; after some minutes thinking, it would be
> better if we could make it not only for AGPUSH.
>
> So here is the whole and simple idea:
>
> - Include a Security Policy on AeroGear site.
>
> Ex: http://emberjs.com/security/ or http://www.ovirt.org/Security (David
> Jorm pointed me out for that)
>
> I already got in touch with security response team from Red Hat
>
> - Create an alias security(a)aerogear.org which redirects to our incident
> response team on Red Hat
>
> - Make things crystal clear in our projects via a SECURITY.md file
> Ex: https://github.com/andyet/andbang.js/blob/master/SECURITY.md
>
> And also include recommendations to make use of SSL with HSTS.
>
> Once it affects the whole project, your feedback is welcome.
>
> --
> abstractj
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf