Wikimedia Security Team

To report security bugs, vulnerabilities or other issues please follow our process.

Resources

 * See our documentation strategy


 * Glossary of terms as used by the team


 * Thank our Volunteers with us.


 * Follow along with our Goals
 * Security Council charter

Responsibilities

 * Promoting and implementing security across Wikimedia Engineering throughout the software development life cycle
 * Training for developers and staff
 * Regular static and dynamic security scanning of MediaWiki and extensions
 * Vulnerability scanning
 * Tools and features that promote better security for developers and Wikimedia communities (OAuth, two-factor authentication, password policies)
 * Security auditing and response for MediaWiki and WMF deployed extensions and services
 * Security reviews, Security review scrum
 * Random Public Meeting Minutes
 * Triage, fix and deploy reported security issues
 * Getting access to security issues in Wikimedia Phabricator
 * Incident Response
 * Security Governance