open-zaak / open-zaak-website

A site for the Open Zaak codebase which implements the VNG Realisatie standard APIs for case oriented work
https://openzaak.org
European Union Public License 1.2

Added post-mortem of Codecov security incident #71

Closed sergei-maertens closed 3 years ago

sergei-maertens commented 3 years ago
Ainali commented 3 years ago

Do we really want to backdate the post to April 16 rather than putting in today's date?

sergei-maertens commented 3 years ago

> Do we really want to backdate the post to April 16 rather than putting in today's date?

That's something I wasn't sure about either. I personally find it important to highlight we acted on the information from Codecov the same day we received this. I had hoped/expected to be able to publish the post sooner, but it stayed in internal review for a long time.

I think we can use the real publish dates instead of backdating, because the timeline of which action happened when is documented as well.

bvhme commented 3 years ago

I recommend publishing it and figuring out the dating afterwards, possibly changing it in a separate update.

Secondly, I recommend using today's date. But longer ago is also OK.

ericherman commented 3 years ago

Not required, but might be nice to align the NL text change (if latest and old) to match the EN version.