Fineract Community -

Please note the efforts to create a new approach to security at open source
projects.

https://news.apache.org/foundation/entry/open-source-community-unites-to-build-cra-compliant-cybersecurity-processes

The key message is that a consortium will:

“…enumerate existing security policies and procedures of the respective
open source foundations, and similar documents describing best practices.
For years, the foundations and communities have created and maintained
industry best practices for secure software development processes. With
these best practices as our starting point, we aim to accelerate the
development of cohesive cybersecurity processes required for regulatory
compliance while offering a neutral environment for hosting technical
discussions with the open source community at-large….”

By implication, it is likely that compliance with established norms will
become a heavier requirement for the project.

We are, by my assessment, not abiding by the timeframes for fixing
vulnerabilities, among other issues.

Please note. There is still time to fix our community.

James
