High-Assurance Application Security Offer for ElkArte
January 27, 2015, 04:04:10 pm

At ElkArte, we take pride in producing the best code and keeping ElkArte a modern, free and powerful community-building forum. In this day and age, high-assurance security is something that we have to start thinking about. As a community, we’ve done our best as far as code security; now, we’re looking to advance to the next level.

SecurifyLabs, a company that specializes in open-source assessment and remediation support, approached us. Their collaborations include open-source initiatives such as Tiki Wiki CMS Groupware and BigBlueButton. Having SecurifyLabs as our security partner will be a game changer for our entire community.

Become a sponsor

SecurifyLabs uses a unique funding approach to make high-assurance application security available for open-source projects, at no cost to the community. Instead of charging developers, SecurifyLabs builds customized security test cases and vulnerability scanning for each open-source project they work with; these test cases and vulnerability scanning are meant to test the server that runs ElkArte to ensure the server security. In return they offer application security services that are increasing in value as more users support the project. Anyone becoming a sponsor will help make ElkArte become more secure for our entire community.
Here is the campaign schedule as we received it from SecurifyLabs:

| Level | Services Unlocked | Number of Packages Required |
|---|---|---|
| Level 1 | Threat Assessment and Code Review for Injection Attacks | 2 |
| Level 2 | Code Review for Authentication and Session Management Issues as well as Cross-site Scripting | 4 |
| Level 3 | Code Review for Insecure Direct Object Reference and Security Misconfiguration | 6 |
| Level 4 | Code Review for the Rest of OWASP’s Top 10 | 8 |
| Level 5 | One Round of Retest to Ensure Proper Vulnerability Remediation | 10 |

So once they sell two ElkArte’s specific vulnerability scanning packages of any kind, they would start automatically performing threat assessment and reviewing the code for injection attacks, and so on.

What’s In It For You?

Buying the scanning packages from SecurifyLabs, in addition to the deep inspection assessment you get for the server hosting ElkArte, which ensures that the server, OS, supporting software are all secure, you will receive a curated code findings report. But the most valuable reward is that your contribution will help us dramatically decrease the need for urgent security updates, offering you better protection and total peace of mind. You’ll also become part of the modern open-source initiative; by supporting our mission, you can help ensure that ElkArte stays one step ahead of hackers, leading the way for open-source projects worldwide.

What’s In It For Your Community?

SecurifyLabs offers a wide array of security services, which would be of great benefit to ElkArte. The more sponsors we get, the more services we can access – and the more secure our software and your server will be.

You can find more details here: www.securifylabs.com

Re: High-Assurance Application Security Offer for ElkArte
Reply #1 – January 27, 2015, 09:06:46 pm

So long as they remain optional. I hate to rely on any security products.