About the Team
The Liferay Community Security Team is an all-volunteer group of community members who manage security issues related to Liferay CE. When security-related issues arise in the open source Liferay project, the CST works to notify, minimize the impact to, and provide source and binary patches to the community. In addition, the CST provides ongoing education to developers and users to help keep their Liferay sites secure.
WANT TO JOIn?
The CST comprises of individuals from the wider Liferay community, as well as employees of Liferay, Inc. All community members are welcome to participate. Because membership gives access to information about potentially sensitive security issues, membership is somewhat limited to those in the Liferay community with a proven track record. The best way to get involved is to review security fixes with a security mindset, get down and dirty and fix a few issues, and interact with the team in its course of duties.
- Liferay's official Security Policy Statement
- OWASP's Top 10 Most Critical Web App Security Risks (2013)
- CWE/SANS Top 25 Most Dangerous Software Errors (2011)
- Liferay dev.life session - Tom's session on Securing Remote JSON Web Services
- Tom's Portal Security presentation from the Liferay Budapest 2012 Symposium and Securing Liferay Portal presentation
- Sam Kong's Radio Liferay podcast on Liferay Security