|15 min||Security Audit question|
Review the plan for the security audit and discuss a suggestion raised by a core team developer: perhaps it would be best to first identify the most security-related parts of the existing code (e.g. Okapi or RAML Module Builder) and to initiate a manual security-related review by the team. The idea behind this is to get the most out of the external security audit afterwards and to avoid having the audit report facts that are already known.
Note that the plan is for the audit to start in early February. After discussing, we think that, between resource unavailability and the value of an independent 3rd party documenting a comprehensive assessment, we should stick to the current plan. Note also that we still need to nail down the details as far as which environment to use and what resource provides access and answers questions for the vendor. Mike, Mark and Jakub will consider outside of the TC meeting which environment(s) and/or resources make the most sense.
|10 min||FOLIO Security Policy|
What are the next steps for the Security Doc that has been approved by the Tech Council?
Review WOLFcon Agenda:
Agreed to review plans at next week's meeting.