Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Engineering Leads

raff Org Administrator

Contributors

Mike Seaton Samuel Lubwama Ian Bacher Grace Potma

Due date

Objective

More robust out-of-the-box security for the O3 RefApp.

Key outcomes

  1. IN PROGRESS 3rd party Pen Test

  2. COMPLETE Vulnerability Tracker

  3. IN PROGRESS Fixes for issues found during Pen Test

  4. IN PROGRESS Triage unresolved vulnerabilities

  5. NOT STARTED Default support for Authentication Module in O3 RefApp

  6. IN PROGRESS More Security Guidance for implementers

\uD83E\uDD14 Problem Statement

  • Whereas CyberSecurity audits and authentication details have historically been handled by implementations one-by-one;

  • We want to be sure that the O3 RefApp has had a robust central effort to review and enhance it’s security

  • So that this out-of-the-box offering when globally scaled has no substantial weaknesses - especially in the context of a rise in cloud hosting.

\uD83D\uDEA9 Milestones and deadlines

Milestone

Owner

Deadline

Status

  1. IN PROGRESS Completed 3rd party Pen Test

  2. COMPLETE Create new, private Vulnerability Tracker (since Jira config hasn’t proven entirely trustworthy for embargoed issues we don’t want to make public yet)

  3. IN PROGRESS Completed fixes for issues found during 3rd party Pen Test

  4. IN PROGRESS Triage list of unresolved vulnerabilities into the new, private Vulnerability Tracker

  1. Add default support for Authentication Module into O3 RefApp.

Samuel Lubwama & Org Administrator

NOT STARTED

  1. More detailed sample Implementer Guides for implementation security maintenance.

IntelliSOFT Consulting Ltd.

IN PROGRESS

\uD83D\uDD17 Reference materials


  • No labels