I remember the related discussion from last month (http://serials.infomotions.com/code4lib/archive/2012/201203/thread.html#777) -- and kudos for bringing it up again -- and I find I'm still of mixed feelings about it. Security is an important aspect of software development, no argument, but I wonder if there is something separate or distinct for libraries about the topic. What I do wonder about, though, is if there is a role for a generic-to-libraries security incident response team that would responsibly take in reports of security problems, work with vendors and/or software developers, and publish outcomes. I could see a need for such a team that was respected in our field and had contacts with people from the vendor community and FOSS projects.
Peter
On Apr 20, 2012, at 12:35 PM, Erin Germ wrote:
> At IUG I talked to a few people about security of library services and
> applications. Becky had mentioned doing a breakout session to discuss
> security at the next IUG or conference.
>
> Would anyone be interested in helping plan a breakout session and
> discussing security of library services and applications? A recent
> presentation led me to believe it would also be of great value to have a
> set of good practices that are very accessible to those who do not have a
> security, or even IT, background.
>
> Or would anyone be interested in forming an informal SEC4LIB discussion
> group? This would be an informal group to discuss existing security
> features and shortcomings of library services and applications. Ideally
> this would include a blend of high and low level skills and knowledge.
>
> I am personally interested in documenting known and patched vulnerabilities
> of current and past library software and services.
--
Peter Murray
Assistant Director, Technology Services Development
LYRASIS
+1 678-235-2955
1438 West Peachtree Street NW
Suite 200
Atlanta, GA 30309
Toll Free: 800.999.8558
Fax: 404.892.7879
www.lyrasis.org
LYRASIS: Great Libraries. Strong Communities. Innovative Answers.