Q&A for RFP for Security Review and Remediation of the RFC Production Center Web Accessible Code

IETF Executive Director <exec-director@ietf.org> Mon, 24 February 2020 21:44 UTC

From: IETF Executive Director <exec-director@ietf.org>
To: "IETF Announcement List" <ietf-announce@ietf.org>
Subject: Q&A for RFP for Security Review and Remediation of the RFC Production Center Web Accessible Code
Date: Mon, 24 Feb 2020 13:44:09 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/duPgoiW1eOb_UBeyF2tWrMVczk8>

The IETF Administration LLC issued an RFP for a Security Review and Remediation of the RFC Production Center Web Accessible Code on 5 February 2020. The Questions and Inquiries deadline has now passed and, as a number of questions have been asked, we are publishing a Questions & Answers (Q&A) supplement in response. The RFP has not been updated.

The (Q&A) is available at https://ietf.org/about/administration/rfps/


As a reminder - Overview:

The RFC Production Center (RPC) currently maintains a private CVS repository that houses the code for the RFC Editor website and the public web services provided there, as well as staff-only web services, command line tools, and utilities used by the RPC. There is an effort to move this repository to one that is open to the public to bring the resources of the Tools Team and volunteer developers to bear on evolving the codebase. An important first step in this move is inspecting the code for the web services to ensure the released code does not advertise any obvious security vulnerabilities, such as SQL insertion attacks against the underlying databases. Most of the code is in PHP with some in JavaScript.


Timeline:

05 February 2020    RFP Issued
19 February 2020    Questions and Inquiries deadline
26 February 2020    Answers to questions issued and RFP updated if required
4 March 2020        Bids due
18 March 2020       Preferred bidder selected and negotiations begin
1 April 2020        Contract execution and work begins


Full details of the RFP, including instructions on how to submit a bid, can be found at https://ietf.org/about/administration/rfps/ 

-- 
Jay Daley
IETF Executive Director