Objective: To work with all contributors to provide the most secure possible version of ownCloud.  The group will further identify and confirm vulnerabilities to determine the impact and develop a fix.

The start date for the Security Working Group is June 1, 2016. The lead will be confirmed by the ownCloud Foundation Board.

Because membership in the Working Group gives the individual access to potentially destructive information, membership is limited to people with a known track record upon board approval.

Goals of the Security Working Group include:

  • Resolve reported security issues in a Security Advisory and communicate to ownCloud users as appropriate
  • Help maintain https://owncloud.org/security/
  • Provide assistance for contributed module maintainers in resolving security issues
  • Participate in the maintenance and resolution of the ownCloud bounty program with hackerone.com
  • Provide documentation on how to write secure code
  • Provide documentation on how to secure your ownCloud instance

All relevant processes, policies and guidelines are documented on the security pages on https://owncloud.org.