Commit a61c0f95 authored by Josh

Update security policy

parent e6e3c978
......@@ -13,7 +13,9 @@ Our security practices have these goals:
disclosed inappropriately
* To ensure the privacy of our clients and our clients' users
* To ensure that infrastructure we maintain is not accessed nor exploited by
third parties, e.g. to carry out a DDOS attack
unauthorized parties, e.g. tampering with account information
* To ensure that infrastructure we maintain is not utilized to attack users or
third parties, e.g. cross site scripting used to attack site visitors
* To ensure that infrastructure we maintain is resilient against attacks
## 2. Roles and Responsibilities
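Review bot: The goals list loses its only example of our infrastructure being turned against outside parties once "e.g. to carry out a DDOS attack" is removed. The new bullet names "users or third parties" but its example, "cross site scripting used to attack site visitors", only covers visitors to our own sites. Suggest keeping both, for example "e.g. cross-site scripting used to attack site visitors, or our servers being used to carry out a DDoS attack". Minor wording in the same bullets: "not accessed nor exploited" should read "not accessed or exploited", and "cross site scripting" is normally hyphenated as "cross-site scripting".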
......@@ -82,15 +84,16 @@ some sort of auto-lock enabled (require password/biometric/etc. after certain
amount of time).
The operating system and other software used by team members on their own laptop
or other devices must be kept updated and free of security vulnerabilities. If
using Windows laptops/machines, they must have a firewall and up to date
anti-virus software.
or other devices must be kept up to date with all available security patches,
and must follow best practices for securely configuring their choice of
operating system. If using Windows laptops/machines, they must have a firewall
and up to date anti-virus software.
### Passwords
Team members must use secure, unique passwords for services/systems that they
use for OpenCraft work, and must store the passwords securely (use a password
manager).
Team members must use sufficiently random, unique passwords for services/systems
that they use for OpenCraft work, and must store the passwords in a safe
location, such as a vetted and trustworthy password manager.
### Two Factor Authentication
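Review bot: In the laptop paragraph, "must follow best practices for securely configuring their choice of operating system" is a "must" that nobody can check, because it names no baseline. Suggest either pointing at a specific hardening guide per operating system or listing the minimum settings the team expects, so a team member can tell whether they comply. The same applies in the Passwords paragraph: "sufficiently random" gives no minimum length or generation method, and "vetted and trustworthy password manager" does not say who does the vetting or where an approved list lives. Also note that the firewall requirement is still stated only for Windows machines; if that is intentional it is worth saying why, otherwise it could apply to every operating system.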
......@@ -101,7 +104,8 @@ Google Apps and Amazon Web Services.
### HTTPS
All publicly accessible websites and web applications set up by OpenCraft must
allow HTTPS connections.
allow HTTPS connections, the default protocol used should be HTTPS, and HTTP
connections should redirect to HTTPS.
### Security Clearance
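Review bot: The added HTTPS text switches from "must" to "should" in the middle of the sentence, so as written only "allow HTTPS connections" is mandatory, while HTTPS-by-default and the HTTP redirect are optional. If both are meant to be requirements, suggest something like "must serve HTTPS by default and must redirect HTTP connections to HTTPS". The sentence is also a comma splice; splitting it into two sentences or a short list would make each requirement easier to audit.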
......