Profile

Cover photo
Marcus Krause
Works at Portaltech Reply GmbH
Lives in Hamburg
90 followers|38,165 views
AboutPostsPhotosYouTube

Stream

 
 
Regarding the time (day of week) for publishing security advisories: 

1. It is complicated enough (most likely impossible) to find a time which pleases anyone (think of different deployment cycles or time zones).

2. Even if we find great agreement on a specific time, there will be (many) exceptions anyway due to (lack of) team resources and the severity of vulnerability that was found.

3. The more critical a vulnerability is, the more likely publication makes sense on an arbitrary day of the week; the less critical it is, the less important it is for you to act immediately, so that the day of publication does not matter much anyway.

4. Our (small) team has a lot of experience in security topics and we have absolutely no interest in doing something bad for our users. The day of publication has been discussed multiple times with the same result: We as experts have to consider all options (from the above) and decide case by case when to publish an advisory. Some times this will be on a weekend or right before a weekend.

Please trust our teams' decisions. Thanks!

P.S.: Other OSS projects publish advisories on saturday evenings and I consider this is also to be fine from a security perspective.

#TYPO3   #Security   #SecurityTeam   #Advisories  
View original post
2
Add a comment...

Marcus Krause

Shared publicly  - 
 
Mark this date: my first hybris Commerce Suite installation.
2
Add a comment...

Marcus Krause

Shared publicly  - 
 
Nike und Yuna bei e-net
 ·  Translate
1
Add a comment...

Marcus Krause

Shared publicly  - 
 
 
Sowas suche ich schon länger:
 ·  Translate
1 comment on original post
1
2
Xavier Perseguers's profile photoNerissa Herwehe's profile photo
Add a comment...

Marcus Krause

Shared publicly  - 
 
 
Early bird tickets are now available at droidcon.de/2013/tickets. Don't worry that my profile image is still 2012. It is more important that you get the update than I get a new outfit.
2 comments on original post
1
Add a comment...

Marcus Krause

Shared publicly  - 
 
Google I/O is coming (June 26)

Get our seat reserved for Google I/O Extended in Hamburg!
Das Public Viewing und der Hackathon finden in den Räumen der Google Deutschland GmbH in Hamburg statt.
1
Add a comment...
Have him in circles
90 people
Juliane Steinmetz's profile photo
Christian Kuhn (lolli42)'s profile photo
Olivier Dobberkau's profile photo
Johannes Mahler's profile photo
Susanne Moog's profile photo
Jo Hasenau's profile photo
Dirk W's profile photo
Claudia Dähnert's profile photo
Connecta AG's profile photo

Marcus Krause

Shared publicly  - 
 
Marcus Krause originally shared:
T3DD13 - 8th TYPO3 Developer Days
Thu, July 4, 2013, 9:00 AM GMT+2
ELBCAMPUS Kompetenzzentrum Handwerkskammer Hamburg

1
Add a comment...

Marcus Krause

Shared publicly  - 
 
PIXAR - 25 years of Animation - exhibition at Museum für Kunst und Gewerbe, Hamburg, Germany
 ·  Translate
1
Add a comment...

Marcus Krause

Shared publicly  - 
1
Marcus Krause's profile photoNikolas Hagelstein's profile photo
6 comments
 
das ist das "neueste bold". Keine ahnung, was mit dem ding ist. Ausgetauscht wurde das schon. Aber das friert halt sporadisch ein. Und der akku ist in nen paar Stunden platt. Sieht irgendwie so aus als wuerde sich das ding zumüllen. Aber ich hab kein plan von den Dingern.
 ·  Translate
Add a comment...
People
Have him in circles
90 people
Juliane Steinmetz's profile photo
Christian Kuhn (lolli42)'s profile photo
Olivier Dobberkau's profile photo
Johannes Mahler's profile photo
Susanne Moog's profile photo
Jo Hasenau's profile photo
Dirk W's profile photo
Claudia Dähnert's profile photo
Connecta AG's profile photo
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Currently
Hamburg
Contact Information
Work
Email
Address
Portaltech Reply GmbH Griegstr. 75 - Haus 25 22763 Hamburg
Story
Tagline
Sometimes you win, sometimes you learn.
Introduction
Backend Web Dev
TYPO3 Security Team member
doing PHP & Java EE
interested in security & quality assurance
Work
Occupation
Consultant
Skills
SAP Hybris, TYPO3 CMS, Symfony, PHP, Java EE, Android, Web Application Security
Employment
  • Portaltech Reply GmbH
    Senior Consultant, 2014 - present
  • TYPO3 Security Team
    Incident Handling, 2007 - present
  • e-net Consulting GmbH & Co. KG
    Anwendungsentwickler, 2010 - 2014
Basic Information
Gender
Male
Links
Other profiles