Wikimedia Security Team/Security Review Planning/2023-01-04

Minutes for the Security Team's Q3 2023 (January to March) quarterly planning session

Attending:, , , CLemoisson-WMF

Completed Reviews, Previous Quarter
 * 1) Campaign Events Threat Model / API -  - T309410#8283772
 * 2) SearchVue -  - T315250#8487006
 * 3) ext:Phonos -  - T314296#8420301
 * 4) QuickSurveys -  - T320992#8457720
 * 5) d3js (sub components) -  - T318854#8496915
 * 6) OIT LDAP decommission T155537#8479008
 * 7) Gitlab Runners - Vendor review completed and evaluated -  - T304514

Reviews That Need Follow-Up This Quarter
 * 1) Soundlogo Wordpress - Done, awaiting requester feedback -  - T317769#8487670
 * 2) Campaigns V2 - Allotting space for this, reached out to requester for details -  - T322871#8499433
 * 3) RESTbase decomission - threat-modeling, to discuss and plan -  - T325073
 * 4) Wikispeech - re-evaluate/decline -  - T180021

Updates Made For Other Review Tasks
 * 1) Abstract Wikipedia - Language Review for ZObject spec, trying to complete this quarter -  - T302472

Accepted Reviews To Complete This Quarter
 * 1) ext:OurWorldInData -  - T324989
 * 2) Swagger UI vendor review -  - T325558
 * 3) ext:RealMe -  - T324536
 * 4) Device analytics service -  - T324710
 * 5) swaggest/json-diff - left over from last quarter -  - T316523