[xwiki-devs] [proposal] Standardize a security specification.

Caleb James DeLisle calebdelisle at lavabit.com
Thu Mar 24 22:23:53 UTC 2011

Sometimes there is a grey area between a security vulnerability and a really nice feature. I think
it is important that everyone understand what a user should be able to do and what a user should not
be able to do since "that's not a bug, that's a feature" is cold comfort to a user who just
discovered that his security requirements were not met. Also, having a standard laid down will allow
us to better classify security issues if they are discovered (I can proudly say that we have
improved here by leaps and bounds). I have a draft document which attempts to detail that line
between bug and feature and I think it is time to move it into main space.



