Wikimedia Security Team

To report security bugs, vulnerabilities or other issues please follow our process.

Resources

 * See our documentation strategy


 * Glossary of terms as used by the team


 * Thank our Volunteers with us.


 * Follow along with our Goals
 * Security Council charter

Responsibilities

 * Promoting and implementing security across Wikimedia Engineering throughout the software development life cycle
 * Training for developers and staff
 * Regular static and dynamic security scanning of MediaWiki and extensions
 * Vulnerability scanning
 * Tools and features that promote better security for developers and Wikimedia communities (OAuth, two-factor authentication, password policies)
 * Security auditing and response for MediaWiki and WMF deployed extensions and services
 * Security reviews, Security review scrum
 * Random Public Meeting Minutes
 * Triage, fix and deploy reported security issues
 * Getting access to security issues in Wikimedia Phabricator
 * Incident Response
 * Security Governance

Contact The Security Team

 * To report a security issue with MediaWiki or any other Wikimedia-related code, please see Reporting Security Bugs.
 * To get the Security Team's general attention on non-critical issues within Phabricator, please tag the #security-team project on a task. Such tasks are typically reviewed during weekly triage meetings, however it sometimes helps to poke us on IRC or via email just to ensure we're fully aware of the task.
 * To very generally contact the Security Team, [mailto:security-team@wikimedia.org please email us here].