...
Name | Present | Planned Absences |
---|---|---|
Yes | ||
Yes | ||
Yes | ||
Yes | ||
Zak Burke | Yes |
...
Time | Item | Who | Notes | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
10-15 min | Cookie SameSite topic raised in Slack | Team + Zak |
| ||||||||
1 min | Update on SECURITY-159 / FOLIO-4012 | Craig | We're on track here. Ian H. applied mitigation. Upgrade will happen when John Malconian returns from vacation. | ||||||||
5 min | TLS for edge modules | Julian + Team | For Quesnelia Bug Fix all edge modules got TLS support. Spring based edge modules must fix TLS related security issues: FOLSPRINGS-156, EDGCMNSPR-53 ("Spring Boot 3.2.6, bcprov-jdk18on 1.78 fixing vulns") Blocked by code review of the fixes:
Action: Craig McNally will reach out to Taras to ensure these get reviewed ASAP. | ||||||||
1-15 min | Jira Group and Security Level review | Team | From Craig in slack:
TODO:
| ||||||||
Remaining time | Anything Urgent? Review the Kanban board? | Team |
| ||||||||
Topic Backlog | |||||||||||
Time permitting | Advice for handling of sensitive banking information | Team | From slack conversation, I think I've gathered the following:
Let's review and discuss before providing this feedback to Raman. Axel Dörrer also suggested that defining classes of sensitivity could help teams determine which techniques are applicable in various situations. I agree having some general guidelines on this would be helpful.
It would probably help to provide concrete examples of data in each class. This can be a longer term effort, we don't need to sort out all the details today.
Today: Axel Dörrer to do a first draft as a base for further discussions | ||||||||
Status on pentesting works within Network traffic control group | Due to some absences on different reasons the group stalled. Axel will try to reactivate the group. |
...