I remember the related discussion from last month (http://serials.infomotions.com/code4lib/archive/2012/201203/thread.html#777) -- and kudos for bringing it up again -- and I find I'm still of mixed feelings about it. Security is an important aspect of software development, no argument, but I wonder if there is something separate or distinct for libraries about the topic. What I do wonder about, though, is if there is a role for a generic-to-libraries security incident response team that would responsibly take in reports of security problems, work with vendors and/or software developers, and publish outcomes. I could see a need for such a team that was respected in our field and had contacts with people from the vendor community and FOSS projects. Peter On Apr 20, 2012, at 12:35 PM, Erin Germ wrote: > At IUG I talked to a few people about security of library services and > applications. Becky had mentioned doing a breakout session to discuss > security at the next IUG or conference. > > Would anyone be interested in helping plan a breakout session and > discussing security of library services and application? A recent > presentation lead me to believe it would also be of great value to have a > set of good practices that are very accessible to those who do not have a > security, or even IT, background. > > Or would anyone be interested in forming an informal SEC4LIB discussion > group. This would be an informal group to discuss existing security > features and shortcomings of library services and applications. Ideally > this would include a blend of high and low level skills and knowledge. > > I am personally interested in documenting known and patched vulnerabilities > of current and past library software and services. -- Peter Murray Assistant Director, Technology Services Development LYRASIS [log in to unmask] +1 678-235-2955 1438 West Peachtree Street NW Suite 200 Atlanta, GA 30309 Toll Free: 800.999.8558 Fax: 404.892.7879 www.lyrasis.org LYRASIS: Great Libraries. Strong Communities. Innovative Answers.