I'm supposed to help write a blog post on this at some point, but I wanted to follow Tyler's comment and say that from my perspective, and a few other people in the WMF, I'd like to see several more volunteers in the security process. We need more people doing design reviews, secure code reviews, fixing security bugs, etc.
I think it's mostly been an organic process in the past, but I'd like to be more intentional and systematic about getting contributors trained and get them access to things like the security bugs in bugzilla, so we can have more eyes on the issues and make sure new features support the direction we're headed for security. If you have +2 on core, and have reported or fixed some security bugs, I'll probably be reaching out to you over the summer to see if you're interested in getting more involved. But if anyone else is interested, feel free to get in touch with me and I'll make sure you're included on that list.
On Sat, Jun 22, 2013 at 9:52 PM, Tyler Romeo tylerromeo@gmail.com wrote:
I'd also like to know this information. Being a Bugzilla admin and helping out with the bug workflow and security issues and whatnot has always been something I've wanted to do. But if the WMF is trying to consolidate for some reason...
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com