The IETF Administration LLC is soliciting bids for a Security Review and Remediation of the RFC Production Center Web Accessible Code.
Overview: The RFC Production Center (RPC) currently maintains a private CVS repository that houses the code for the RFC Editor website and the public web services provided there, as well as staff-only web services, command line tools, and utilities used by the RPC. There is an effort to move this repository to one that is open to the public to bring the resources of the Tools Team and volunteer developers to bear on evolving the codebase. An important first step in this move is inspecting the code for the web services to ensure the released code does not advertise any obvious security vulnerabilities, such as SQL insertion attacks against the underlying databases. Most of the code is in PHP with some in Javascript. Timeline: 05 February 2020 RFP Issued 19 February 2020 Questions and Inquiries deadline 26 February 2020 Answers to questions issued and RPF updated if required 4 March 2020 Bids due 18 March 2020 Preferred bidder selected and negotiations begin 1 April 2020 Contract execution and work begins Full details of the RFP, including instructions on how to submit a bid and how to ask questions, can be found at https://ietf.org/about/administration/rfps/ Please note that, in order to maintain a fair and transparent RFP process, all questions or feedback regarding this RFP should be made to the email address specified in the RFP. -- Jay Daley IETF Executive Director _______________________________________________ IETF-Announce mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-announce
