The responses I had and am still having are overwhelming. Sorta like being
spammed - in a good way though. I honestly didn't think that many people
would be interested in security for libraries.

Rather than individually add the over 100 responses to an email
distribution list, I want to send out an invite to a Google discussion
group - SEC4LIB. Here we can discuss security for libraries and also
determine how to proceed in organizing the SEC4LIB group. This Google group
may only be a temporary home until the group decides how best to move
forward, communicate and share ideas:

I want to clarify a few things as the SEC4LIB discussions move forward. As
of now, this is an informal group to discuss and investigate existing
security features and shortcomings of library services, applications,
products, and solutions.This would include documenting, researching,
investigating, and pen-testing library applications, services, products,
and solutions.

   - Bring attention to the security aspect and concerns of library
   software, applications, services, products, and solutions
   - Address the concerns that as more enhancements to existing library
   applications, services, products, and solutions are implemented, securing
   those enhancements or new applications, services, products, and solutions
   are equally important
   - Work with vendors and providers to address security concerns in the
   products, services, applications, and solutions we depend on
   - Discuss general security practices and policies for library operations
   - Conduct research, investigations, and dialog in a professional manner

Feel free to share this with colleagues and interested parties.


Erin Germ