RFP for Security Review and Remediation of the RFC Production Center Web Accessible Code

IETF Executive Director <exec-director@ietf.org> Wed, 05 February 2020 00:35 UTC

From: IETF Executive Director <exec-director@ietf.org>
To: IETF Announcement List <ietf-announce@ietf.org>
Subject: RFP for Security Review and Remediation of the RFC Production Center Web Accessible Code
Reply-To: ietf@ietf.org
Date: Tue, 04 Feb 2020 16:35:29 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/Cw9vIqM0jA4COn8XSyqR0QEwMFg>

The IETF Administration LLC is soliciting bids for a Security Review and Remediation of the RFC Production Center Web Accessible Code.  

Overview:

The RFC Production Center (RPC) currently maintains a private CVS repository that houses the code for the RFC Editor website and the public web services provided there, as well as staff-only web services, command line tools, and utilities used by the RPC. There is an effort to move this repository to one that is open to the public to bring the resources of the Tools Team and volunteer developers to bear on evolving the codebase. An important first step in this move is inspecting the code for the web services to ensure the released code does not advertise any obvious security vulnerabilities, such as SQL insertion attacks against the underlying databases. Most of the code is in PHP with some in JavaScript.


Timeline:

05 February 2020    RFP Issued
19 February 2020    Questions and Inquiries deadline
26 February 2020    Answers to questions issued and RFP updated if required
4 March 2020        Bids due
18 March 2020       Preferred bidder selected and negotiations begin
1 April 2020        Contract execution and work begins


Full details of the RFP, including instructions on how to submit a bid and how to ask questions, can be found at https://ietf.org/about/administration/rfps/ 

Please note that, in order to maintain a fair and transparent RFP process, all questions or feedback regarding this RFP should be made to the email address specified in the RFP.

-- 
Jay Daley
IETF Executive Director