[aerogear-dev] Security Policy on AeroGear

[Matthias Wessendorf]

+1 on HTTP Strict Transport Security (HSTS)


On Fri, Jul 12, 2013 at 3:32 PM, Matthias Wessendorf <matzew at apache.org>wrote:

> Sounds like a good idea, to have an overall "Security Policy"
>
>
> Also + on HTTP Strict Transport Security (HSTS)
>
>
> On Fri, Jul 12, 2013 at 3:13 PM, Bruno Oliveira <bruno at abstractj.org>wrote:
>
>> Good morning peeps.
>>
>> I had some conversation with Matthias about the encourage the usage of
>> SSL into Unified Push server, after some minutes thinking would be
>> better if we could make it no only for AGPUSH.
>>
>> So here is the whole and simple idea:
>>
>> - Include a Security Policy on AeroGear site.
>>
>> Ex: http://emberjs.com/security/ or http://www.ovirt.org/Security (David
>> Jorm pointed me out for that)
>>
>> I already got in touch with security response team from Red Hat
>>
>> - Create an alias security at aerogear.org which redirects to our incident
>> response team on Red Hat
>>
>> - Make things crystal clear into our projects via SECURITY.md file
>> Ex: https://github.com/andyet/andbang.js/blob/master/SECURITY.md
>>
>> And also include recommendations to make use of SSL with HSTS.
>>
>> Once it affects the whole project, your feedback is welcome.
>>
>> --
>> abstractj
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130712/683e0a52/attachment-0001.html