1. Review all previously reported issues on dev & sent to security list.
   1. Ask bug reporters how they would like to be acknowledged.
2. Contact all people that have helped in the past.
3. Proceed to security audit as per our release procedures.
   • run doc/devtools/securitycheck.php and check each "potentially unsafe" file.
   • Check for presence of all .htaccess files
   • Add files to robots.txt (printed pages, etc.)
4. Update security.tiki.org with sections for new version
5. Run Security DB

• Keep up to date:
  • https://dev.tiki.org/Security
  • https://security.tiki.org
  • https://tiki.org/SecTightening
• Monitor what comes in on the security mailing list, and respond accordingly. Ex.: http://secunia.com/product/3356/?task=advisories
  • Ask bug reporters how they would like to be acknowledged.
• Proactively finds ways to make Tiki more secure
• Release security patches
• Document current security-related things
• Filtering Best Practices
• Interactions with security researchers and companies

• The security team coordinator is Brendan Ferguson (drsassafras)
  • All disclosures are in the tracker and followed up in a timely fashion
  • Makes sure proper credit is given to researchers for responsible disclosures

• Document how to run SecDB for people running from SVN
  • SecDB update is incorporated into doc/devtools/svnup.php now (since Tiki 16 i think )

Brendan (drsassafras) is the security team coordinator, and John Chishugi is the assistant-coordinator.

• Adrien
• Alvin Bauma
• amette
• Arild Berg
• Benoit Grégoire
• Bernard Sfez / Tiki Specialist
• Gary Cunningham-Lee
• drsassafras
• EgiX
• Geoff Brickell
• Henock Tshibanda
• ibrahim mussa
• Jonny Bradley
• Jean-Marc Libs
• Victor Emanouilov
• Luis Henrique Fagundes
• lindon
• luciash d' being 🧙
• Marc Laporte
• Fabio Montefuscolo
• Oliver Hertel
• rjsmelo
• Roberto Kirschbaum
• Rodriguez Nyiringabo
• Torsten Fabricius
• Xavi (as xavidp - admin)

• SecuritySquad
• SecurityTeam
• Security Squad
• Security Group
• SecurityGroup