Open mattcaswell opened 1 week ago
After we review the security policy, we should also plan to add appropriate disclaimers as comments at the beginning of the code in apps/, pointing to the security policy and the intended usage/level of security guarantees for each app.
It's important for part of our communities to discover/be warned about the experimental/demonstrative/testing/unsafe nature of that code when perusing through their sources.
We should review the security policy with respect to the apps.
For example, how should we handle server-based apps such as s_server and ocsp? Do we consider these hardened security servers - or for test/demonstration purposes only? How should we treat security issues in them?