Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update README with Notes on Security #75

Closed
lmarsden opened this issue Jun 3, 2020 · 0 comments · Fixed by #77
Closed

Update README with Notes on Security #75

lmarsden opened this issue Jun 3, 2020 · 0 comments · Fixed by #77
Assignees
@lmarsden
Labels
documentation Improvements or additions to documentation OSS Required for open-sourcing

Comments

@lmarsden
Copy link
Contributor

lmarsden commented Jun 3, 2020

Action from Threat Modelling session of 03/06/20.

As some security concerns are known to exist around libgsf (see e.g. https://github.com/schwehr/generic-sensor-format/issues), make clear in the README that it is the responsibility of the calling application to mitigate these where necessary.

Likewise, it should be reiterated to users of gsfpy that GSF data processed by the package should come from reputable sources and should be integrity checked where possible, as it is a possible attack vector.

ACs

  • README updated with notes on security including the points mentioned above.
@lmarsden lmarsden added documentation Improvements or additions to documentation OSS Required for open-sourcing labels Jun 3, 2020
@lmarsden lmarsden linked a pull request Jun 5, 2020 that will close this issue
Add notes on security #77
Merged
@lmarsden lmarsden self-assigned this Jun 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lmarsden lmarsden

Labels
documentation Improvements or additions to documentation OSS Required for open-sourcing
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add notes on security UKHO/gsfpy
1 participant
@lmarsden