Handling security issues responsibly and transparently is key to the success of any Open-Source project. Symfony is no exception. We documented the process of our security management policy a long time ago. Communication with the reporter, working on a fix, testing and validating the fix, coordinating with downstream projects, assigning CVE numbers, explaining the issue in a detailed blog post, and publishing security versions are some of the activities required to handle a security issue. From the initial email to resolution, dealing with a security issue can take as much as 6 months. That's a lot of time and energy. Up until now, the core team was in charge of the whole process. And I must admit that working on security issues on top of managing the Symfony project is getting difficult.
Today, I'm very happy and proud to announce that we are getting to the next level. Michael Cullum has agreed to join the Symfony Core Team to lead the security team. He will be responsible for managing the security process.
You probably know Michael already. He is the secretary of PHP FIG and the manager of phpBB, a project that uses Symfony extensively.
Join me in welcoming Michael to his new role. If you want to help with the process, please contact him. And don't forget to use the security@symfony.com email to report security issues... Michael is ready to help.
Great news! Welcome Michael!
Welcome to the core team, Michael!
This is great. Handling security issues is critical and now it couldn't be in better hands. Welcome Michael!!
Great news! Welcome!
Congratulations Michael!
Welcome!
Thank you Michael for taking this critical responsibility.
Great! Welcome Michael!
Super! Now who's on this team? Do you require new members?
@Philippe here you can find the list of members and how they are elected: https://symfony.com/doc/current/contributing/code/core_team.html