Page MenuHomePhabricator

sbassett (Scott Bassett)
Application Security Engineer

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Monday

  • Clear sailing ahead.

User Details

User Since
Sep 12 2018, 3:52 PM (31 w, 2 d)
Availability
Available
IRC Nick
sbassett
LDAP User
SBassett
MediaWiki User
SBassett (WMF) [ Global Accounts ]

Recent Activity

Yesterday

sbassett updated the task description for T221477: Develop "security testing toolboxes" for manual security reviews, push to wikimedia/security/tooling repo.
Fri, Apr 19, 8:12 PM · Security-Team
sbassett triaged T221478: Offboard Charlotte Portero (April 23) as Normal priority.
Fri, Apr 19, 7:44 PM · Security-Team
sbassett created T221478: Offboard Charlotte Portero (April 23).
Fri, Apr 19, 7:43 PM · Security-Team
sbassett updated the task description for T221477: Develop "security testing toolboxes" for manual security reviews, push to wikimedia/security/tooling repo.
Fri, Apr 19, 7:28 PM · Security-Team
sbassett reassigned T218091: Security Team quarterly check in for April - June 2019 from charlotteportero to JBennett.
Fri, Apr 19, 7:28 PM · Security-Team
sbassett updated the task description for T221477: Develop "security testing toolboxes" for manual security reviews, push to wikimedia/security/tooling repo.
Fri, Apr 19, 7:27 PM · Security-Team
sbassett triaged T221477: Develop "security testing toolboxes" for manual security reviews, push to wikimedia/security/tooling repo as Low priority.
Fri, Apr 19, 7:27 PM · Security-Team
sbassett created T221477: Develop "security testing toolboxes" for manual security reviews, push to wikimedia/security/tooling repo.
Fri, Apr 19, 7:27 PM · Security-Team
sbassett updated the task description for T218091: Security Team quarterly check in for April - June 2019.
Fri, Apr 19, 7:02 PM · Security-Team
sbassett added a comment to T221354: l10n-update on beta breaks due to: ExtensionDependencyError TranslationNotifications requires Translate to be installed..

Is it worth updating https://www.mediawiki.org/wiki/Manual:Extension.json/Schema#requires with the special case for non-extension registered extensions?

Fri, Apr 19, 4:46 PM · MediaWiki-extensions-TranslationNotifications, Beta-Cluster-Infrastructure
sbassett changed the status of T201492: Security review for FormWizard extension from Open to Stalled.
Fri, Apr 19, 1:46 PM · Security-Team-Review-Active, FormWizard

Thu, Apr 18

sbassett reassigned T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th) from sbassett to JFishback_WMF.
Thu, Apr 18, 3:42 PM · Security-Team
sbassett awarded T221354: l10n-update on beta breaks due to: ExtensionDependencyError TranslationNotifications requires Translate to be installed. a Like token.
Thu, Apr 18, 2:11 PM · MediaWiki-extensions-TranslationNotifications, Beta-Cluster-Infrastructure

Wed, Apr 17

sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Wed, Apr 17, 5:25 PM · Security-Team
sbassett updated subscribers of T25227: Use token when logging out.
Wed, Apr 17, 2:24 PM · MediaWiki-Authentication-and-authorization, Patch-For-Review, Vuln-DoS, Security
sbassett changed the visibility for T25227: Use token when logging out.
Wed, Apr 17, 2:23 PM · MediaWiki-Authentication-and-authorization, Patch-For-Review, Vuln-DoS, Security
sbassett added a comment to T201492: Security review for FormWizard extension.

@Harej - I believe @Bawolff currently has this assigned as a lower-priority review. Maybe we can address two things:

  1. Have all of the issue from his initial review (T201492#4587298) been addressed and resolved or marked WONTFIX? I see some subtasks above - a few of them are resolved w/ corresponding gerrit patch sets, but some still seem open. I'm not sure if that's all of them though.
  2. Is there a more firm date you have in mind for production testing or a deploy? If so, we should note that here, as it will help us with our scheduling.

Thanks.

Wed, Apr 17, 2:16 PM · Security-Team-Review-Active, FormWizard
sbassett triaged T201492: Security review for FormWizard extension as Normal priority.
Wed, Apr 17, 2:10 PM · Security-Team-Review-Active, FormWizard
sbassett added a comment to T25227: Use token when logging out.

Er, I think I fixed the array() => [] issues in F28682008. Anyhow, I'll plan to make this task public today, push a patch set up to gerrit and work on some tests.

Wed, Apr 17, 2:02 PM · MediaWiki-Authentication-and-authorization, Patch-For-Review, Vuln-DoS, Security

Tue, Apr 16

sbassett updated subscribers of F28682008: T25227.patch.
Tue, Apr 16, 10:18 PM
sbassett added a comment to T25227: Use token when logging out.

"Rebased" @Bawolff's 3+ year-old patch (T25227#2013640) on master, tested locally. Talked about this with the Security-Team today - fine with just pushing it publicly in gerrit. If there are no objections, I'll create a patch set from the attached: F28682008.

Tue, Apr 16, 10:16 PM · MediaWiki-Authentication-and-authorization, Patch-For-Review, Vuln-DoS, Security
sbassett triaged T218091: Security Team quarterly check in for April - June 2019 as Normal priority.
Tue, Apr 16, 8:06 PM · Security-Team
sbassett closed T218721: Have CI run seccheck tests as Resolved.

Cherry-picked to 2.x, original patch to master abandoned. Resolving for now.

Tue, Apr 16, 8:00 PM · Patch-For-Review, phan-taint-check-plugin, Continuous-Integration-Config
sbassett closed T218721: Have CI run seccheck tests, a subtask of T216974: Update phan-taint-check-plugin to a newer phan (1.2.x), as Resolved.
Tue, Apr 16, 8:00 PM · Patch-For-Review, phan-taint-check-plugin
sbassett moved T219831: Security Review For Kask from Backlog to Next (Ready) on the Security-Team-Reviews board.
Tue, Apr 16, 7:31 PM · User-Clarakosi, User-Eevans, Security-Team-Reviews
sbassett edited projects for T219289: Security Review For viewing Special:Homepage as rendered for other users, added: Security-Team-Reviews; removed Security-Team-Review-Active.
Tue, Apr 16, 7:31 PM · Security-Team-Reviews, Growth-Team (Current Sprint)
sbassett closed T219289: Security Review For viewing Special:Homepage as rendered for other users as Resolved.
Tue, Apr 16, 7:30 PM · Security-Team-Reviews, Growth-Team (Current Sprint)
sbassett closed T219289: Security Review For viewing Special:Homepage as rendered for other users, a subtask of T217281: Homepage: allow testing the homepage for different users, as Resolved.
Tue, Apr 16, 7:30 PM · MW-1.33-notes (1.33.0-wmf.23; 2019-03-26), Patch-For-Review, Growth-Team (Current Sprint), MediaWiki-extensions-GrowthExperiments
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 6:53 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 5:25 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 5:24 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 5:18 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 5:18 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 5:16 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 5:16 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 5:14 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 5:10 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 5:00 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 4:55 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 4:50 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 4:45 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 4:24 PM · Security-Team
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 16, 4:10 PM · Security-Team

Mon, Apr 15

sbassett added a comment to T216419: Security review - Wikibase Termbox Front End.

@WMDE-leszek - just wanted to check and see if there's any working local development environment for this (Vagrant roles, Docker, wikibase-docker w/ additional config instructions, etc.) It's probably not critical for this review, but it would be more helpful than playing around with the wikidata.beta.wmflabs.org example. Thanks.

Mon, Apr 15, 8:59 PM · Security-Team-Review-Active
sbassett added a comment to T219289: Security Review For viewing Special:Homepage as rendered for other users.

@JTannerWMF, @kostajh, @Catrope - the Security-Team just had a chat about this. We're fine with the Special:Impact administrative view by itself. We will classify that as an "informational" risk, which wouldn't require an entry within our risk register. If/when the Growth Team is ready to proceed with the administrative view of the Special:Homepage feature (as initially proposed) we can pick up where we left off on that specific feature. If this sounds good and there are no further questions from the Growth Team on this, I can go ahead and resolve this task.

Mon, Apr 15, 3:23 PM · Security-Team-Reviews, Growth-Team (Current Sprint)

Fri, Apr 12

sbassett closed T181660: Experiment using phan for static analysis as Resolved.

Going to make an executive decision here and resolve this for now. Plenty of other related bugs are open for ongoing issues.

Fri, Apr 12, 7:38 PM · phan-taint-check-plugin, Security-Team
sbassett added a comment to T219289: Security Review For viewing Special:Homepage as rendered for other users.

@JTannerWMF - just to clarify your first bullet point - "The Task recommendation module is being put on hold and should NOT be considered for this release", correct?

Fri, Apr 12, 2:45 PM · Security-Team-Reviews, Growth-Team (Current Sprint)

Thu, Apr 11

sbassett added a comment to T194911: TechCom's Platform Architecture Principles.

@daniel- done.

Thu, Apr 11, 8:36 PM · TechCom, Wikimedia-Hackathon-2018
sbassett added a comment to T220657: Establish Architecture Principles as a policy.

@daniel - per this comment, is there a documented definition of "official WMF tool" anywhere? Specifically, who makes that determination?

Thu, Apr 11, 8:36 PM · TechCom-RFC, TechCom
sbassett added a comment to T194911: TechCom's Platform Architecture Principles.

@daniel - per this comment, is there a documented definition of "official WMF tool" anywhere? Specifically, who makes that determination?

Thu, Apr 11, 7:49 PM · TechCom, Wikimedia-Hackathon-2018
sbassett closed T220540: Skip php70 tests on new SecurityCheckPlugin development branch as Resolved.
Thu, Apr 11, 7:19 PM · Patch-For-Review, Release-Engineering-Team, phan-taint-check-plugin, Security-Team
sbassett closed T220624: Create Phabricator Intake Form for Security Concept Reviews as Resolved.
Thu, Apr 11, 7:18 PM · Security-Team
sbassett updated the task description for T220540: Skip php70 tests on new SecurityCheckPlugin development branch.
Thu, Apr 11, 6:23 PM · Patch-For-Review, Release-Engineering-Team, phan-taint-check-plugin, Security-Team
sbassett added a comment to T220624: Create Phabricator Intake Form for Security Concept Reviews.

So this should probably work for now:

Thu, Apr 11, 2:51 PM · Security-Team

Wed, Apr 10

sbassett triaged T220624: Create Phabricator Intake Form for Security Concept Reviews as Low priority.
Wed, Apr 10, 4:14 PM · Security-Team
sbassett created T220624: Create Phabricator Intake Form for Security Concept Reviews.
Wed, Apr 10, 4:13 PM · Security-Team
sbassett added a project to T207990: Security review for TheWikipediaLibrary extension: Security-Team-Reviews.
Wed, Apr 10, 2:22 PM · Security-Team-Reviews, The-Wikipedia-Library

Tue, Apr 9

sbassett added a comment to T66548: Security review indigo-depict.

@Aklapper - Yeah, that's fine. Our workboards for Security-Team-Reviews and Security-Team-Review-Active default to only show open tasks (I believe - or at least that's my default) which is a perfectly acceptable solution.

Tue, Apr 9, 10:05 PM · Security-Team-Reviews, Multimedia, MediaWiki-extensions-MolHandler
sbassett added a comment to T216974: Update phan-taint-check-plugin to a newer phan (1.2.x).

@Legoktm - should be fixed. And here.

Tue, Apr 9, 10:01 PM · Patch-For-Review, phan-taint-check-plugin
sbassett added a comment to T66548: Security review indigo-depict.

@Aklapper - Our standard has been to remove Security-Team-Reviews (or Security-Team-Review-Active) when we close a request as declined or invalid, since those projects represent requests that will actually be reviewed at some point. I suppose it doesn't really matter, since any closed task is set to disappear from those workboards, which is the important piece.

Tue, Apr 9, 9:45 PM · Security-Team-Reviews, Multimedia, MediaWiki-extensions-MolHandler
sbassett changed the status of Restricted Task, a subtask of T219304: test task for permissions, from Resolved to Invalid.
Tue, Apr 9, 8:41 PM · Security-Team, Security
sbassett removed a project from T66548: Security review indigo-depict: Security-Team-Reviews.
Tue, Apr 9, 8:40 PM · Security-Team-Reviews, Multimedia, MediaWiki-extensions-MolHandler
sbassett closed T66548: Security review indigo-depict as Declined.

@Ramsey-WMF - Ok, thanks for the follow-up. I'll go ahead and close this as declined for now.

Tue, Apr 9, 8:39 PM · Security-Team-Reviews, Multimedia, MediaWiki-extensions-MolHandler
sbassett added a comment to T216974: Update phan-taint-check-plugin to a newer phan (1.2.x).

Is it helpful to see a bunch of failed instances of composer-package-php70-docker? I'm not sure how valuable that information would be. And the thought here would be to eventually use the composer-package-php7(2|3)-docker whenever we're ready.

Tue, Apr 9, 8:17 PM · Patch-For-Review, phan-taint-check-plugin
sbassett added a comment to T216974: Update phan-taint-check-plugin to a newer phan (1.2.x).

@Daimona - sounds good. Also, we're planning to disable composer-package-php70-docker for the 2.0.0 branch.

Tue, Apr 9, 7:43 PM · Patch-For-Review, phan-taint-check-plugin
sbassett renamed T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th) from Onboarding James Fishback to Security Team as Privacy Engineer (4/15) to Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 9, 7:34 PM · Security-Team
sbassett triaged T220540: Skip php70 tests on new SecurityCheckPlugin development branch as Normal priority.
Tue, Apr 9, 7:24 PM · Patch-For-Review, Release-Engineering-Team, phan-taint-check-plugin, Security-Team
sbassett created T220540: Skip php70 tests on new SecurityCheckPlugin development branch.
Tue, Apr 9, 7:24 PM · Patch-For-Review, Release-Engineering-Team, phan-taint-check-plugin, Security-Team
sbassett updated subscribers of T66548: Security review indigo-depict.

Hey Multimedia Team. We have this long-lingering review of an old Google-Summer-of-Code project where we'd been asked to review the indigo-depict dependency. Given the elapsed time here and that there most likely isn't a current champion of this extension (as a code steward or for production deployment) the Security-Team would like to propose closing this as declined by April 15th, 2019. If the above assumptions are incorrect and the Multimedia Team (or another team/individual) would like to become a steward for this extension with the goal of deploying to production over the next quarter or two, we can definitely see where we're and reschedule this review. Thanks.

Tue, Apr 9, 7:06 PM · Security-Team-Reviews, Multimedia, MediaWiki-extensions-MolHandler
sbassett updated subscribers of T216974: Update phan-taint-check-plugin to a newer phan (1.2.x).

@Daimona - @Bawolff and I created a 2.0.0 branch from master just now for development of new versions of the SecurityCheckPlugin that leverage PluginV2 and newer versions of PHP and Phan.

Tue, Apr 9, 6:00 PM · Patch-For-Review, phan-taint-check-plugin
sbassett edited projects for T219289: Security Review For viewing Special:Homepage as rendered for other users, added: Security-Team-Review-Active; removed Security-Team-Reviews.
Tue, Apr 9, 5:08 PM · Security-Team-Reviews, Growth-Team (Current Sprint)
sbassett removed a project from T207990: Security review for TheWikipediaLibrary extension: Security-Team-Review-Active.
Tue, Apr 9, 4:42 PM · Security-Team-Reviews, The-Wikipedia-Library
sbassett closed T207990: Security review for TheWikipediaLibrary extension, a subtask of T132084: Notify editors that they are now eligible for the Wikipedia Library program, as Resolved.
Tue, Apr 9, 4:42 PM · Growth-Team, Collaboration-Team-Triage (Collab-Team-This-Quarter), Patch-For-Review, User-notice-collaboration, User-notice, Notifications, The-Wikipedia-Library
sbassett closed T207990: Security review for TheWikipediaLibrary extension as Resolved.

Sorry for the crazy delay on this, but this extension looks fine to me. Some phpcs issues came up during my review, but they aren't security-related, so I was going to let you review those in CI, etc. Let me know if you have any other questions, etc. Thanks.

Tue, Apr 9, 4:41 PM · Security-Team-Reviews, The-Wikipedia-Library
sbassett updated the task description for T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 9, 3:35 PM · Security-Team
sbassett triaged T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th) as Low priority.
Tue, Apr 9, 3:14 PM · Security-Team
sbassett created T220517: Onboarding James Fishback to Security Team as Privacy Engineer (April 15th).
Tue, Apr 9, 3:10 PM · Security-Team

Mon, Apr 8

sbassett committed rESSe554d49db644: Avoid deprecated OutputPage::addWikiText (authored by Umherirrender).
Avoid deprecated OutputPage::addWikiText
Mon, Apr 8, 6:58 PM
sbassett updated subscribers of T219289: Security Review For viewing Special:Homepage as rendered for other users.

@MMiller_WMF, @JTannerWMF - the Security-Team discussed this today. We had a couple of initial questions for you:

Mon, Apr 8, 4:24 PM · Security-Team-Reviews, Growth-Team (Current Sprint)

Fri, Apr 5

sbassett removed a project from T209226: Quarry can be affected by CSV Injection: Patch-For-Review.
Fri, Apr 5, 7:24 PM · Quarry, Security
sbassett added a comment to T209226: Quarry can be affected by CSV Injection.

Excellent, looks good to me. Thanks.

Fri, Apr 5, 7:23 PM · Quarry, Security
sbassett committed rESSd5b59cd6277f: Extension: SearchStats (authored by sbassett).
Extension: SearchStats
Fri, Apr 5, 5:03 PM
sbassett committed rESS55f624dd8a8d: Extension: SearchStats (authored by sbassett).
Extension: SearchStats
Fri, Apr 5, 4:51 PM
sbassett added a comment to T220220: [Extension:SearchStats] quibble tests failing due to deprecated OutputPage::addWikiText.

Patch for review. Feel free to abandon if we want to leave this as an exercise for new mw developers.

Fri, Apr 5, 4:50 PM · Patch-For-Review, MediaWiki-extensions-Other
sbassett added a project to T220220: [Extension:SearchStats] quibble tests failing due to deprecated OutputPage::addWikiText: Patch-For-Review.
Fri, Apr 5, 4:46 PM · Patch-For-Review, MediaWiki-extensions-Other
sbassett committed rESS4d0d0b288fe9: Extension: SearchStats (authored by sbassett).
Extension: SearchStats
Fri, Apr 5, 4:46 PM
sbassett updated the task description for T220220: [Extension:SearchStats] quibble tests failing due to deprecated OutputPage::addWikiText.
Fri, Apr 5, 4:41 PM · Patch-For-Review, MediaWiki-extensions-Other
sbassett triaged T220220: [Extension:SearchStats] quibble tests failing due to deprecated OutputPage::addWikiText as Low priority.
Fri, Apr 5, 4:38 PM · Patch-For-Review, MediaWiki-extensions-Other
sbassett created T220220: [Extension:SearchStats] quibble tests failing due to deprecated OutputPage::addWikiText.
Fri, Apr 5, 4:38 PM · Patch-For-Review, MediaWiki-extensions-Other
sbassett added a comment to T209226: Quarry can be affected by CSV Injection.

@zhuyifei1999 @Framawiki - any update on this? Can we set a date/time to deploy the patch to quarry and backport to gerrit? Happy to help, though I don't currently have access to the quarry project.

Fri, Apr 5, 4:07 PM · Quarry, Security
sbassett closed T151687: Insecure CORS access control of JS in Wikipedia.org as Invalid.

Closing as invalid as neither of the URLs mentioned within the description exist anymore and this doesn't appear to have been much of a security concern to begin with.

Fri, Apr 5, 2:15 PM · Wikimedia-Portals, Discovery, Security

Wed, Apr 3

sbassett added a comment to T216419: Security review - Wikibase Termbox Front End.

Great, thanks for the update @WMDE-leszek. I'll target the completion of this review to happen before the 2019-04-30 date. And yes, any updates here as to when SRE can handle the deploy would be great.

Wed, Apr 3, 4:02 PM · Security-Team-Review-Active
sbassett closed Restricted Task, a subtask of T219304: test task for permissions, as Resolved.
Wed, Apr 3, 2:24 PM · Security-Team, Security
sbassett updated subscribers of T219304: test task for permissions.
Wed, Apr 3, 2:22 PM · Security-Team, Security
sbassett reopened T219304: test task for permissions as "Stalled".
Wed, Apr 3, 2:22 PM · Security-Team, Security

Tue, Apr 2

sbassett added a comment to T219289: Security Review For viewing Special:Homepage as rendered for other users.

Hey @kostajh - just to follow up on this a bit more, I'd like to propose this to the Security-Team and provide a concept review. This will probably involve some measurement of risk for the "view another user's homepage" feature (based upon @Bawolff's concerns and any other potential issues) and the ownership of said risk by the growth team.

Tue, Apr 2, 7:59 PM · Security-Team-Reviews, Growth-Team (Current Sprint)
sbassett added a comment to T219831: Security Review For Kask.

@Eevans, @Clarakosi - Thanks for the review request. Given that golang is a little outside of our typical mw core/extensions and web application reviews, the Security-Team will need to think about what will be the best solution for this request. It may end up being a combination of a more focused internal review (centered around static analysis) with the potential for an additional external/vendor review. We'll keep you posted.

Tue, Apr 2, 7:25 PM · User-Clarakosi, User-Eevans, Security-Team-Reviews
sbassett triaged T219831: Security Review For Kask as Normal priority.
Tue, Apr 2, 7:20 PM · User-Clarakosi, User-Eevans, Security-Team-Reviews
sbassett added a comment to T216419: Security review - Wikibase Termbox Front End.

@WMDE-leszek Sorry for the lack of updates on this. Do we an updated deployment date for this? I know that had changed since this task was created. I've had a basic look at the code, but haven't completed a full review yet. If we can assign an updated deployment date for this, the Security-Team can establish a more accurate due date for the security review deliverable. Thanks.

Tue, Apr 2, 7:18 PM · Security-Team-Review-Active
sbassett added a comment to T219896: Security Issue Access Request for WDoranWMF.

On agenda for 4/9/2019 security team meeting.

Tue, Apr 2, 4:39 PM · Security-Team, Security