More robust out-of-the-box security for the O3 RefApp.
Key outcomes
IN PROGRESS Completed 3rd party Pen Test
COMPLETE Create new, private Vulnerability Tracker (since Jira config hasn’t proven entirely trustworthy for embargoed issues we don’t want to make public yet)
IN PROGRESS Completed fixes for issues found during 3rd party Pen Test
IN PROGRESS Triage list of unresolved vulnerabilities into the new, private Vulnerability Tracker
NOT STARTED Add default support for Authentication Module into O3 RefApp.
IN PROGRESS More detailed sample Implementer Guides for implementation security maintenance.
\uD83E\uDD14 Problem Statement
Whereas CyberSecurity audits and authentication details have historically been handled by implementations one-by-one;
We want to be sure that the O3 RefApp has had a robust central effort to review and enhance it’s security
So that this out-of-the-box offering when globally scaled has no substantial weaknesses - especially in the context of a rise in cloud hosting.
\uD83D\uDEA9 Milestones and deadlines
Milestone
Owner
Deadline
Status
IN PROGRESS Completed 3rd party Pen Test
COMPLETE Create new, private Vulnerability Tracker (since Jira config hasn’t proven entirely trustworthy for embargoed issues we don’t want to make public yet)
IN PROGRESS Completed fixes for issues found during 3rd party Pen Test
IN PROGRESS Triage list of unresolved vulnerabilities into the new, private Vulnerability Tracker
Add default support for Authentication Module into O3 RefApp.