judell
commented
10 years ago This is really a place holder for deciding what our actual security plan is. We are opening ports on people's personal machines and letting folks from the Internet write to them. This is pretty serious stuff and we need to have a security plan that gets us to a reasonable place.
We need a top to bottom security audit of our own code as well as determining what type of security audits (if any) exist for our dependencies.