Make a Lasting Impression
ImpressCMS Blog > Join The Security Response Team

Join The Security Response Team

Security is our lifeAre you as concerned about security as we are?

One of our basic, most fundamental, priorities is security - we strive to do everything we can to provide you with a website you know will stand up to the various attempts at hacking, phishing and privacy invasion. Here in the US, very large and well-known companies are facing some serious fallout because of network and data breaches. We are looking for some vigilant people to help alert us to any potential vulnerabilities or exploits and to help us respond as quickly as possible.

Security Response Team Needs

There are many ways the security response team will contribute to ImpressCMS

  • Monitor and track various online channels for ImpressCMS mentions
  • Maintain a list of reported vulnerabilities and responses
  • Evaluate severity and impact and set response priorities
  • Contact reporting websites and individuals for verification of issues
  • Follow up with reporting agencies when updates are published
  • Keep the community informed
  • Assist with resolutions (programming, testing)

This list is extensive, but not exhaustive. Members of the ImpressCMS Security Response Team will begin by documenting all the ways they monitor, track and respond to vulnerability reports.

Reporting a Potential Vulnerability in ImpressCMS

As a team that takes pride in providing one of the most secure content management systems, we do draw attention from people rising to the challenge of breaking through our defenses. If you are one of those people, we'd love to have you on our team! Please forward any and all potential exploits and vulnerabilities to us before announcing them to the world. Those that do alert us will be fully credited with discovery and validation of the fixes.

There are a few ways to do this. You can email the security team at security@impresscms.org, or you can provide information through our security response form - http://community.impresscms.org/mod ... ?form_id=3

Responding to a Security Advisory for ImpressCMS

As a rule, we do not disclose a vulnerability until we have had a chance to evaluate it and determine its impact and severity. This also means we must know of it. We will attempt to contact the reporting agency, if they have not contacted us first. We do this to mitigate any further damage to sites at risk. In most cases, we will have addressed the issue completely within hours, depending on the issue and collaboration of the reporter.

Are you ready to become a member of our Security Response Team?

We hope so! Send an email to security@impresscm.org (we won't think you're a exploit) and we'll add you to the mailing list.

All posts by skenow
Subscribe to latest posts
The comments are owned by the poster. We aren't responsible for their content.
Poster Thread
fiammybe
Posted: 2014/9/16 20:56  Updated: 2014/9/16 20:56
Home away from home
Joined: 2009/3/3
From: Belgium
Posts: 1944
 Re: Join The Security Response Team
This is quite a bit responsibility, so the more people we have to take care of this, the better. We don't only need security gurus to take part, we also need people watching the net for vulnerability reports, doing follow-up with security firms, etcetera. If you're interested or intrigued, send us a mail to talk about it