Wikimedia Security Team/Documentation

This page explains how the Wikimedia Security Team is organizing its documentation.

To report security bugs, vulnerabilities or other issues please follow our process.

Goals for this documentation strategy

 * Improve discoverability through consistency in structure
 * Improve consistency through documenting the intended structure and expectations (this page, among others)
 * Improve quality through active curation
 * Improve transparency by continually examining the need for confidentiality where it exists
 * The Security Team has commitments within our team for adhering to this framework in our handbook.

Use of a predictable landing page in /wiki/Security
On the applicable projects we plan to use /wiki/Security as a common landing page. These pages will be interlinked between projects, and will strive to function as a funnel for the user to the appropriate content. The intention is that this common entry point will allow us to structure other content around it, and as subpages under it.

Curation guiding principles
Pages that relate to the Wikimedia Security team can sometimes have unusual or distinct best practices:


 * Sometimes stale content is worse than no content as, even in the case of draft of other notices, users will acquire a false sense of safety. In these cases, completely stagnant pages for which there is no maintained current alternative may be best redirected to the landing page of /wiki/Security, or in the case of team oriented documentation to the team's landing page.
 * Use of subpages for discovery under /wiki/Security is encouraged if consistent
 * Office.wikimedia.org should only be used for confidential content which is not public. Other pages, even if informal, should live on mediawiki.org
 * Use of page moving as process for content maturity development is encouraged if consistent and documented. Example for Policy creation: /wiki/Security/Policy/Draft/Foo (initial wording) => /wiki/Security/Policy/Candidates/Foo (soliciting feedback) => /wiki/Security/Policy/Foo (as a redirect to version for translation on meta once approved).
 * Define an official process and a single page for reporting security issues. This should be referenced (at a minimum) on every /wiki/Security landing page.

Categories in Use
Wikimedia Security Team

Security