Wikimedia Security Team/Vulnerability scanning

To satisfy PCI's requirement 11.2.3, the Security Team manages and runs frequent vulnerability scans of all fundraising hosts, and helps FrTech address any issues identified. The Security Team uses OpenVAS, in keeping with the WMF's commitment to using open-source tools whenever possible. The team packages the most recent version of OpenVAS for Ubuntu Trusty, which is deployed on a scanning server in the fundraising cluster.

Instructions for running scans, along with packaging tips, can be found on the collab wiki. Results are kept in Google Drive.

Since the team is already packaging and running OpenVAS regularly, we hope to offer vulnerability scanning services for other systems at the foundation in the future.