[documentation] [security] [Security issue] Writing secure code case studies...
Peter Wolanin
pwolanin at gmail.com
Thu Jul 30 23:42:27 UTC 2009
Hi Duncan,
There is a "maintainers newsletter" which already exists and might be
a good place for this. That newsletter has not gotten much love or
content, so perhaps you can join in and help get it out more
regularly?
Here are past issues, and you should be able to subscribe (or are
force-subscribed if you're a module maintainer)
http://drupal.org/forum/118
There is a group for newsletters here:
http://groups.drupal.org/drupal-newsletter
You might also get some volunteers at
http://groups.drupal.org/coding-standards-and-best-practices
-Peter
On Wed, Jul 29, 2009 at 6:04 PM, <drupal.org at wavelength.org.nz> wrote:
> dbabbage sent a message using the contact form at http://drupal.org/contact.
>
> Hi there,
> Have selected "security issue" as this is a suggestion for the security
> team—apologies if this means it is escalated inappropriately.
>
> I'm contacting you to suggest the idea of a security newsletter that
> presents case studies on how to write secure code. One of the great things
> about the Drupal community is that it provides a welcoming entry point for
> people new to development like myself. We have been using Drupal a while, we
> then write a few patches, we contribute a bit more substantially to a
> module, we write a module of our own, we end up porting other modules to a
> newer version of Drupal and then ultimately take over maintaining them
> too, we start to submit core patches. (This describes my entry to the
> community anyway.) We may have read the "writing secure code" guidelines,
> and certainly intend to write secure code, but we may or may not have taken
> it *all* in and may unknowingly have sometimes not followed the guidelines.
>
> I subscribe to the security announcements, and I often think I could
> probably learn something useful by examining a diff of the fixed vs.
> previous versions of the modules that had security issues—but I've never
> gotten around to doing it. So I'd like to suggest that an email newsletter
> could from time to time present examples of insecure code that was found in
> a module, a short explanation of what made it insecure, and sample code with
> an explanation of how it was fixed. I think less experienced developers
> could learn a lot.
>
> Probably this would need to be a separate subscription to the main security
> announcements list, because some people wouldn't want it—but I'd certainly
> subscribe.
> Cheers,
> Duncan
> --
> [ Security | http://lists.drupal.org/listinfo/security ]
>