DokuWiki Security Audit
A security code review / security audit of DokuWiki by SektionEins GmbH is planned. This page coordinates the community actions needed to organize the fundraising and other audit-related processes.
FAQ
What? Why?
See the following mailing list threads if you need more background information:
How much money is needed? How to get it?
The estimated budget is 15 000 EUR.1) There will be a fundraising campaign to raise the money.
What happens if we can't raise enough money?
Let's wait and see (why solve problems before they even exist?). However, there are several options:
- Start a second fundraising round.
- SektionEins said that a discount would be possible if we really book fifteen audit days.
- We can discuss whether there are services we can forgo to get “as much audit as possible for the budget we can organize”. SektionEins told us that many Open Source projects don't buy a full security audit but instead set a budget of e.g. 10.000 EUR and try to get as much audit as possible by dropping all services other than the pure code audit (such as the final audit report).
I have a great idea / I want to help / I know how to get some money!
- Great! Just start a discussion on the mailing list or the forum.
- If your information has to be kept confidential/non-public, feel free to contact Andreas Haerter or Andreas Gohr.
Fundraising
Established Planning
ToDo
1) 15 audit days with a daily fee rate of 1000 EUR (excluding VAT, “netto”)
devel/security_audit.1333080717.txt.gz · Last modified: 2012-03-30 06:11 by Andreas