8000 Monthly Chat Agenda October 2024 (2024-10-07 and 2024-10-21) · Issue #3848 · coreruleset/coreruleset · GitHub

Monthly Chat Agenda October 2024 (2024-10-07 and 2024-10-21) #3848


Closed
fzipi opened this issue Oct 7, 2024 · 1 comment

Comments

@fzipi
Member
fzipi commented Oct 7, 2024

This is the Agenda for the two Monthly CRS Chats.

The general chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, 2024-10-07, at 20:30 CET. That's the 1st Monday of the month. A separate issue chat is happening at the same location, same time on Monday, 2024-10-21. That's the 3rd Monday of the month. Please note that we have a CRS calendar (maintained by @fzipi).

Archived previous meetings and their decisions are here.

What happened in the meantime since the chat last month

Outside development

  • CRS dev retreat is happening partially within the OWASP Project summit in Center Parcs. More information on the website https://owaspprojectsummit.org/
  • ⚠️ We need to decide which discussions/projects are the ones to focus on the developer retreat, so go to the 2024 retreat topics and add your 👍 to the topic you would like to work while there. Or propose yours! Deadline will be Oct 20th so we can have the agenda filled before our issues chat.

Inside development

Rules

  • FIXME: Please fill in

CRS Sandbox

  • Ongoing work: I've teamed with my colleague RB (@nitrocode) to update the AWS setting for the Sandbox. He will also add his expertise on enhancing the setup (if this can be done).

Security

  • Contacted the author of a new report; they still haven't answered after two weeks.

Plugins

  • No news

Documentation and Public Relations

  • No news.

Project Administration and Sponsor relationships

  • We are going to invite sponsors to the CRS developer retreat in the UK.

Tools

  • No news here.

Testing incl. Seaweed and many future plans

  • No news here.

Containers

  • modsecurity nginx had the geoip/maxmind libraries fixed

CRS Status Page

  • No news here.

Project discussions and decisions

  • Proposal: move code utils out of the main repo, and any documentation to the docs. For tools, we cannot test them properly, and they are related but they could be siblings to other major tools like ftw or the toolchain. Other stuff should be in the docs.
  • When should we / do we want to: retire old CRS rules/detections
    • We could have a full discussion/workshop about this at the dev retreat, if we need more time than 1 meeting (or if this is controversial).
    • This was briefly discussed at a previous meeting. The general consensus was that we want to actively retire old rules/detections.
    • After the original discussion: a comment from a Coraza developer re: a report that old vulnerabilities are much more actively exploited and problematic than new vulnerabilities.
    • Occasionally, there are other reports / conference talks etc. that share the experience that very old vulnerabilities (10-15+ years old) continue to be actively exploited and still cause real world problems. Consider also: legacy systems (plenty of these still in prod.), systems/devices that cannot be updated (lots of IoT endpoints, embedded devices, etc.).
    • The question here is: Do we definitely want to start removing old detections? Is this wise?
      • Possible ideas:
        • Metadata: tag old rules/detections (e.g. 'old-vuln', 'discovered-2011', etc.). Old detections are on by default, can easily disable if desired (if user doesn't care about old vulns. and wants maximum performance)
        • Plugin: move old rules/detections to an optional plugin. Old detections are off by default, can add old rules if desired (most users will not do this, so the detections are mostly lost).

Rules development, key project numbers

PRs that have been merged since the last meeting

We merged 11 PRs since the last monthly project chat.

Open PRs

Open PRs marked DRAFT or work in progress or needs action

Separate 2nd Meeting (Monday, 2024-10-21)

How to get to our slack and join the meeting?

If you are not yet on the OWASP Slack, here is your invite: https://owasp.org/slack/invite .

Everybody is welcome to join our community chat.
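The "Metadata" idea from the retire-old-detections discussion above, shown as an added ModSecurity/SecLang example that is not part of the issue or of the CRS rule set. The rule id 9999100, the request pattern and the tag names are constructed placeholders; only the `old-vuln` / `discovered-2011` tag names come from the proposal.

```apache
# Constructed example rule (placeholder id 9999100, not a real CRS rule):
# a detection for a long-fixed vulnerability that stays enabled by default
# but carries the proposed metadata tags so operators can identify it.
SecRule REQUEST_URI "@contains /cgi-bin/legacy-handler" \
    "id:9999100,\
    phase:1,\
    block,\
    log,\
    msg:'Legacy exploit pattern (constructed example)',\
    tag:'OWASP_CRS',\
    tag:'old-vuln',\
    tag:'discovered-2011',\
    severity:'CRITICAL',\
    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"

# Operator opt-out. This directive must be loaded AFTER the rules it removes
# (for CRS, a file such as RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf).
# The argument is matched as a regular expression against each rule's tags,
# so this disables every rule tagged old-vuln and leaves all others active.
SecRuleRemoveByTag "old-vuln"
```

Without the last line the tagged detection keeps blocking, which is the "on by default, easily disabled" behaviour the proposal describes; the plugin variant would invert that default.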

@theseion
Contributor
theseion commented Oct 7, 2024

Decisions
