[Flow] The Security Team needs a Flow Developer

Helmut Hummel helmut.hummel at typo3.org
Fri Sep 12 13:33:45 CEST 2014


Hi all,

since Francois' initiative went pretty well a few months ago, I'll also 
try to get help from you.

The process of publishing advisories has turned out to be a very 
tedious, error-prone and time-consuming task, which is one of the 
reasons we have to delay publications of these for too long.

We had the idea to create an application that can automate that task 
already a few years ago, but never managed to get it started.


The idea is that we enter advisory data in a structured way and use this 
structured data to render different views of the advisories.

By doing so we could add smart search and filters, to find things like 
"in which Extension/ TYPO3/ Flow/ Neos version has a specific issue been 
fixed" or "show a list of vulnerable TYPO3 CMS versions" or offer a REST 
service with such information.

We finally started to create such an incident handling system a few 
months ago and within one sprint week we got pretty far with basic 
functionality[1]

However there are still a lot of things to do for it to be really useful 
for us.

Here is a list of things that are missing:

* Streamline creating and editing functionality
	* better version picker
	* concept for entering "nested data"
	* CVSS input wizard
	* Basic rich text editor for some fields
	* Good product picker (select TYPO3 products as well as one of > 2000 
Extensions)
	* much more

* Create a (CLI) importer for Extension/Versions (and probably TYPO3 
CMS, Flow, Neos versions)
* Implement published/ non published states for advisories
* Implement Security policies with certain permissions on views and data 
(published advisories for all, non published advisories of extensions, 
non published advisories for TYPO3 products, issue lists, issue creation 
etc.)
* Importer for old advisories (from semi structured HTML)
* or alternatively edit view for easy manual creation of old advisories
* Create possibility to ship the application as Neos plugin

and probably more.

So we're looking for a qualified Flow developer who would like to pick
up this work. There's a budget of about 200h, at standard association
rate of 55€/h.

Please answer here if you are interested.

Thanks!

Kind regards,
Helmut


[1]https://github.com/helhum/TYPO3.IHS

-- 
Helmut Hummel
Release Manager TYPO3 6.0
TYPO3 CMS Active Contributor, TYPO3 Security Team Member

TYPO3 .... inspiring people to share!
Get involved: typo3.org

