Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

CAS AppSec Working Group Call

Meeting Details

Participants

Agenda

Meeting Notes

After brief introductions the previous meeting minutes were reviewed and approved.

Potential Tools list started and discussed.

Discussed the potential need for separate public and private mailing list for the working group.  For now continue use cas-dev for public communication, and look into setting up a private list for vulnerability discussions.

Consider adopting OWASP model (Builders, Breakers, Defenders) to help organzie and prioritize various work activties.

Refine WG scope and objectives via draft charter.

Meetings to be scheduled bi-weekly preferably not on Fridays.

With the OWASP model in mind, where should the group focus our efforts first? 

Action Items

  • List potential tools for use in a security assessment on WG home page - Team
  • Reach out to potential tool vendors regarding licenses for open source projects - Bill
  • Sketch out CAS security assessment - Team
  • Establish liaison with Jasig Security Contact Group - Andrew
  • Establish recurring meeting - Bill  
  • Draft WG charter - Andrew
  • Draft inventory of 3rd party vs custom code - Jérôme
  • Draft example security artifacts (data flow diagram, etc) - David

Post Meeting Notes (catch-all, Alibi's)

  • No labels