Security Review and Remediation of the RFC Production Center Web Accessible Code RFP
IETF Administration LLC Executive Director <exec-director@ietf.org> Fri, 27 September 2019 18:19 UTC
From: IETF Administration LLC Executive Director <exec-director@ietf.org>
To: IETF Announcement List <ietf-announce@ietf.org>
Subject: Security Review and Remediation of the RFC Production Center Web Accessible Code RFP
Reply-To: ietf@ietf.org
Message-ID: <156960834644.12364.18084012531656981969.idtracker@ietfa.amsl.com>
Date: Fri, 27 Sep 2019 11:19:06 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/zAQ7x-RKo5iRrKnOF9xtg3mrxJ0>

The IETF Administration LLC (IETF LLC) is soliciting proposals ("Proposals") for the Security Review and Remediation of the RFC Production Center Web Accessible Code RFP.

The RFP is located at: https://ietf.org/about/administration/rfps/

Please note the following:

Timeline:

27 Sep: RFP Issued
04 Oct: Questions and Inquiries deadline
07 Oct: Answers to questions issued, RFP Addenda and Update issued
14 Oct: Proposals due
21 Oct: Selection made, negotiations begin
01 Nov: Contract execution
08 Nov: Work begins

Overview

The RFC Production Center (RPC) currently maintains a private CVS repository that houses the code for the RFC Editor website and the public web services provided there, as well as staff-only web services, command line tools, and utilities used by the RPC. There is an effort to move this repository to one that is open to the public to bring the resources of the Tools Team and volunteer developers to bear on evolving the codebase.

An important first step in this move is inspecting the code for the web services to ensure the released code does not advertise any obvious security vulnerabilities, such as SQL insertion attacks against the underlying databases. It is not known if there are any such vulnerabilities in the current codebase. However, it is known that the source contains at least one embedded password used for communicating with the datatracker.

One possible output of this project is a report that the codebase is ready to move into the open with only simple modifications to address embedded passwords.

Please reply with questions, if any, and a bid if you are interested in pursuing this opportunity to ietf-rfps@ietf.org.

Thanks in advance.

Portia Wenze-Danley
IETF LLC Interim Executive Director