Task title: Identify common patterns in Drupal security issues in 2007 and make suggestions for core improvements
Task description Consists of: The Drupal security team has identified 33 security improvements so far in 2007. These improvements have been applied to some of 2400 Drupal projects including 4 fixes to Drupal core. The student should review the 33 security issues to date and write a one page report making recommendations for how Drupal core should be improved to avoid these issues.
Several sentences/bullets that provide more detail into the task:
* Read each of the 33 security issues for Drupal in 2007
* Create a security taxonomy to help classify issues
* Identify the most common vulnerabilities in Drupal core.
* Identify the most common vulnerabilities in Drupal contributed projects.
* Create a one page report for review by the 30 members of the Drupal security team.
* Once the report has been reviewed by the Drupal security team the report should be posted to the Drupal development list
* The student should post their report to report the security education section of Drupal handbooks.
* The student should post their report to the front page of Drupal.org
Resources Bulleted list of resources specific to the task. This includes handbook pages, off-site resources, IRC channels, related groups on groups.drupal.org, etc.
http://code.google.com/p/google-highly-open-participation-drupal/wiki/Fu...
Estimated time: Four days. One day reading 33 security reports. One day researching a security taxonomy. One day writing the brief report to the security team. One day publish and educating the Drupal community about Drupal security issues.
Primary contact: Kieran Lal, aka Amazon, and the Drupal security team.
Comments
Comment #1
jcrawfordor commentedI've claimed this task at GHOP and created this account here.
Comment #2
webchickThis was completed by the student. The work is available at http://code.google.com/p/google-highly-open-participation-drupal/issues/...