Grouper Users - Open Discussion List

[Tom Barton <>]

Bill, thanks. I think this is a very interesting (and fun looking!) way to help ensure that an 
app like grouper is secure.

Grouper-Users, if you or your security team colleagues might be interested in something like 
this, please speak up by replying to this thread. The grouper developers would be extremely 
interested to see what would be learned by such an effort, and I know they will want to address 
any substantial issues that would emerge.

Thanks,
Tom

On 8/14/2013 12:01 PM, William G. Thompson, Jr. wrote:
> Folks,
>
> On a recent grouper-dev call the issue of application security came
> up.  Earlier this year the CAS community formed a working group
> composed of security minded folks from the CAS adopting community.
> We've been following OWASP Threat Modeling
> https://www.owasp.org/index.php/Application_Threat_Modeling to produce
> security artifacts for CAS
> https://wiki.jasig.org/display/CAS/CAS+Threat+Modeling.
>
> The goals of the WG include improving CAS security, providing security
> artifacts for potential adopters, and implementing policy and
> processes for vulnerability analysis and notification.
>
> There will be a presentation on this at AppSecUSA 2013 in November.
> http://appsecusa.org/2013/schedule/
>
> Anyway happy to chat about this work with anyone if there's interest
> in doing something similar for Grouper.
>
> Best,
> Bill