[Flow] The Security Team needs a Flow Developer

Tim Kandel tim at timkandel.de
Fri Sep 12 14:13:44 CEST 2014 

Hi Helmut!

I'd be willing to chime in, if I count as qualified :)


Kind regards

2014-09-12 13:33 GMT+02:00 Helmut Hummel <helmut.hummel at typo3.org>:

> Hi all,
>
> since Francois' initiative went pretty well a few months ago, I'll also
> try to get help from you.
>
> The process of publishing advisories has turned out to be a very tedious,
> error prone and time consuming task, which is one of the reasons we have to
> delay publications of these for too long.
>
> We had the idea to create an application that can automate that task
> already a few years ago, but never managed to get it started.
>
>
> The idea is that we enter advisory data in a structured way and use this
> structured data to render different views of the advisories.
>
> By doing so we could add smart search and filters, to find things like "in
> which Extension/ TYPO3/ Flow/ Neos version has a specific issue been fixed"
> or "show a list of vulnerable TYPO3 CMS versions" or offer a REST service
> with such information.
>
> We finally started to create such an incident handling system a few months
> ago and within one sprint week we got pretty for with basic functionality[1]
>
> However there are still a lot of things to do for it to be really useful
> for us.
>
> Here is a list of things that are missing:
>
> * Streamline creating and edtiting functionality
>         * better version picker
>         * concept for entering "nested data"
>         * CVSS input wizard
>         * Basic rich text editor for some fields
>         * Good product picker (select TYPO3 products as well as one of >
> 2000 Extensions)
>         * much more
>
> * Create an (cli) importer for Extension/Versions (and probably TYPO3 CMS,
> Flow, Neos versions)
> * Implement published/ non published states for advisories
> * Implement Security policies with certain permissions on views and data
> (published advisories for all, non published advisories of extensions, non
> published advisories for TYPO3 products, issue lists, issue creation etc.)
> * Importer for old advisories (from semi structured HTML)
> * or alternatively edit view for easy manual creation of old advisories
> * Create possibility to ship the application as Neos plugin
>
> and probably more.
>
> So we're looking for a qualified Flow developer who would like to pick
> up this work. There's a budget of about 200h, at standard association
> rate of 55€/h.
>
> Please answer here if your are interested.
>
> Thanks!
>
> Kind regards,
> Helmut
>
>
> [1]https://github.com/helhum/TYPO3.IHS
>
> --
> Helmut Hummel
> Release Manager TYPO3 6.0
> TYPO3 CMS Active Contributor, TYPO3 Security Team Member
>
> TYPO3 .... inspiring people to share!
> Get involved: typo3.org
> _______________________________________________
> Flow mailing list
> Flow at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow

More information about the Flow mailing list