Similar to the work performed within T293790, the Security-Team has been actively analyzing public-facing security documentation on mediawiki.org, meta.wikimedia.org, wikitech.wikimedia.org and some related security content on office.wikimedia.org and foundation.wikimedia.org. We would like to begin further updating and restructuring some of the existing security-related documentation as well as creating new security best practices.

Phase 1

As a phase 1 effort, we would like to consolidate and update various security "landing pages". See below for more details.

Existing landing pages for consideration

1. https://www.mediawiki.org/wiki/Security
2. https://meta.wikimedia.org/wiki/Security
3. https://wikitech.wikimedia.org/wiki/Security
4. https://www.mediawiki.org/wiki/Wikimedia_Security_Team

Proposed restructuring of existing landing pages

• Replace https://www.mediawiki.org/wiki/Wikimedia_Security_Team with https://meta.wikimedia.org/wiki/User:Clemoisson/Sandbox (once sandbox version is complete)
• Create soft redirects at https://meta.wikimedia.org/wiki/Security and https://wikitech.wikimedia.org/wiki/Security to https://www.mediawiki.org/wiki/Security
• Create a new, simplified landing page at https://www.mediawiki.org/wiki/Security with the following content sections:
  • General Manual for Security (help setting up security features)
    • Links to Manual:Security items
  • For Developers
    • PHP (specifically related to MediaWiki et al) [UPDATED]
    • JavaScript security best practices [NEW]
    • NodeJS security best practices [NEW]
    • Golang security best practices [NEW]
    • Python security best practices [NEW]
  • Policies, Processes, Services
    • List of Security services [UPDATED]
    • Other Helpful Security Resources [TBD]
    • List of Privacy Engineering Privacy [TBD]
    • List of Appsec Policies [UPDATED]
    • Meta Privacy Policy
    • Risk Management Framework [PUBLIC VERSION?]