Are you as concerned about security as we are?
One of our basic, most fundamental, priorities is security - we strive to do everything we can to provide you with a website you know will stand up to the various attempts at hacking, phishing and privacy invasion. Here in the US, very large and well-known companies are facing some serious fallout because of network and data breaches. We are looking for some vigilant people to help alert us to any potential vulnerabilities or exploits and to help us respond as quickly as possible.
Security Response Team Needs
There are many ways the security response team will contribute to ImpressCMS
- Monitor and track various online channels for ImpressCMS mentions
- Maintain a list of reported vulnerabilities and responses
- Evaluate severity and impact and set response priorities
- Contact reporting websites and individuals for verification of issues
- Follow up with reporting agencies when updates are published
- Keep the community informed
- Assist with resolutions (programming, testing)
This list is extensive, but not exhaustive. Members of the ImpressCMS Security Response Team will begin by documenting all the ways they monitor, track and respond to vulnerability reports.
Reporting a Potential Vulnerability in ImpressCMS
As a team that takes pride in providing one of the most secure content management systems, we do draw attention from people rising to the challenge of breaking through our defenses. If you are one of those people, we'd love to have you on our team! Please forward any and all potential exploits and vulnerabilities to us before announcing them to the world. Those that do alert us will be fully credited with discovery and validation of the fixes.
There are a few ways to do this. You can email the security team at firstname.lastname@example.org, or you can provide information through our security response form - http://community.impresscms.org/mod ... ?form_id=3
Responding to a Security Advisory for ImpressCMS
As a rule, we do not disclose a vulnerability until we have had a chance to evaluate it and determine its impact and severity. This also means we must know of it. We will attempt to contact the reporting agency, if they have not contacted us first. We do this to mitigate any further damage to sites at risk. In most cases, we will have addressed the issue completely within hours, depending on the issue and collaboration of the reporter.
Are you ready to become a member of our Security Response Team?
We hope so! Send an email to email@example.com (we won't think you're a exploit) and we'll add you to the mailing list.