Q&A for RFP for Security Review and Remediation of the RFC Production Center Web Accessible Code
IETF Executive Director <exec-director@ietf.org> Mon, 24 February 2020 21:44 UTC
Return-Path: <exec-director@ietf.org>
X-Original-To: ietf-announce@ietf.org
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 065D23A13D3 for <ietf-announce@ietf.org>; Mon, 24 Feb 2020 13:44:10 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: IETF Executive Director <exec-director@ietf.org>
To: IETF Announcement List <ietf-announce@ietf.org>
Subject: Q&A for RFP for Security Review and Remediation of the RFC Production Center Web Accessible Code
X-Test-IDTracker: no
X-IETF-IDTracker: 6.118.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: ietf@ietf.org
Message-ID: <158258064995.24339.4241686544392507905.idtracker@ietfa.amsl.com>
Date: Mon, 24 Feb 2020 13:44:09 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/duPgoiW1eOb_UBeyF2tWrMVczk8>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2020 21:44:10 -0000
The IETF Administration LLC issued an RFP for a Security Review and Remediation of the RFC Production Center Web Accessible Code on 5 February 2020. The Questions and Inquiries deadline has now passed and as a number of questions have been asked we are publishing a Questions & Answers (Q&A) supplement in response. The RFP has not been updated. The (Q&A) is available at https://ietf.org/about/administration/rfps/ As a reminder - Overview: The RFC Production Center (RPC) currently maintains a private CVS repository that houses the code for the RFC Editor website and the public web services provided there, as well as staff-only web services, command line tools, and utilities used by the RPC. There is an effort to move this repository to one that is open to the public to bring the resources of the Tools Team and volunteer developers to bear on evolving the codebase. An important first step in this move is inspecting the code for the web services to ensure the released code does not advertise any obvious security vulnerabilities, such as SQL insertion attacks against the underlying databases. Most of the code is in PHP with some in Javascript. Timeline: 05 February 2020 RFP Issued 19 February 2020 Questions and Inquiries deadline 26 February 2020 Answers to questions issued and RPF updated if required 4 March 2020 Bids due 18 March 2020 Preferred bidder selected and negotiations begin 1 April 2020 Contract execution and work begins Full details of the RFP, including instructions on how to submit a bid, can be found at https://ietf.org/about/administration/rfps/ -- Jay Daley IETF Executive Director
- Q&A for RFP for Security Review and Remediation o… IETF Executive Director