[aerogear-dev] Security Policy on AeroGear
Bruno Oliveira
bruno at abstractj.org
Fri Jul 12 09:13:23 EDT 2013
Good morning peeps.
I had a conversation with Matthias about encouraging the usage of
SSL in the Unified Push server; after some minutes of thinking, it would be
better if we could make it not only for AGPUSH.
So here is the whole and simple idea:
- Include a Security Policy on the AeroGear site.
Ex: http://emberjs.com/security/ or http://www.ovirt.org/Security (David
Jorm pointed me to that)
I already got in touch with the security response team from Red Hat.
- Create an alias security at aerogear.org which redirects to our incident
response team at Red Hat
- Make things crystal clear in our projects via a SECURITY.md file
Ex: https://github.com/andyet/andbang.js/blob/master/SECURITY.md
And also include recommendations to make use of SSL with HSTS.
Since it affects the whole project, your feedback is welcome.
--
abstractj