X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Fdocs%2Fsecurity.pod;h=7120e389a7f32c63451ce1ac165ec36db77c3f7f;hb=4639e25a658d9a0bf295415642fae8e8cdad846a;hp=b8650e05d49d650515ac5161dbc7f868aeb797fb;hpb=6587f6ba7d047ddc1686c080090afe7d53365bd4;p=freeside.git
diff --git a/rt/docs/security.pod b/rt/docs/security.pod
index b8650e05d..7120e389a 100644
--- a/rt/docs/security.pod
+++ b/rt/docs/security.pod
@@ -9,6 +9,21 @@ key).
More information is available at L.
+
+=head2 RT's security process
+
+After a security vulnerability is reported to Best Practical and
+verified, we attempt to resolve it in as timely a fashion as possible.
+Best Practical support customers will be notified before we disclose the
+information to the public. All security announcements will be sent to
+C and posted to the community forum at
+L
+
+As the tests for security vulnerabilities are often nearly identical to
+working exploits, sensitive tests will be embargoed for a period of six
+months before being added to the public RT repository.
+
+
=head2 Security tips for running RT
=over
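Review bot: The embargo paragraph at the end of the added section says sensitive tests are held back "for a period of six months" but never says what the six months are counted from (the report, the fixed release, or the public announcement), so a reader cannot tell when a test becomes public. Suggest naming the starting event in that sentence. Two smaller points in the same section: the first paragraph says support customers are notified "before we disclose the information to the public" without giving any lead time, and its last sentence ends at the forum link with no closing period, unlike the "More information is available at" line above it. The two consecutive added blank lines before "=head2 Security tips for running RT" can be reduced to one.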
@@ -17,11 +32,7 @@ More information is available at L.
Protect your RT installation by making it only accessible via SSL. This
will protect against users' passwords being sniffed as they go over the
-wire, as well as helping prevent phishing attacks. If you use SSL, you
-will need to install some additional Perl libraries so that C
-can connect. You can use the C<--enable-ssl-mailgate> command to
-configure to automate the installation of these dependencies. This is
-documented further in step 10 of the README.
+wire, as well as helping prevent phishing attacks.
You should use a certificate signed by a reputable authority, or at very
least a certificate signed by a consistent local CA, which you configure
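Review bot: After this change the tip still tells administrators to make RT accessible only via SSL, but the only mention that a client needs additional Perl libraries to connect over SSL, along with the pointer to `--enable-ssl-mailgate` and step 10 of the README, is gone. If those dependencies are still required, an administrator who follows this tip can end up with a mail gateway that no longer connects and with nothing in this document explaining why. Suggest either keeping a one-sentence pointer to wherever this is now documented, or stating in the commit message that the libraries are installed by default so the note is obsolete.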