It's been a long time and finally... Radio Liferay is back with several episodes in the queue. Today, Tomáš Polešovský starts off by talking about Liferay's security team and its procedures, as well as his own work within that team. Tom has already been a guest on Radio Liferay's ancient episode 9.
Here are some of the topics that we talked about:
- The glorious, glamorous days one has on the security team (consisting mostly of email, tickets and pull requests)
- Different ways to make Liferay more secure
- Gathering feedback from community and customers
- Monitoring Liferay Forums and full disclosure mailing lists (also about the various libraries that are used in Liferay)
- Scanning source code for problems
- Liferay cooperates with external security researchers for penetration testing
- Customers perform external audits as well.
- An example of an actual audit report: 49 very alarming false positives vs. 1 real corner case
- The security issue fixing process
- The first security episode with Sam Kong
- Link to the community security update page. CE updates are always only made against the latest GA version
- Some low-hanging fruit in secure Liferay administration (on the fly):
  - Disable "create new accounts" if you don't want random users to create new accounts (e.g. in an intranet)
  - JSONWS access
  - Disable the Control Panel and add "My Account" to users' personal pages instead
- The Securing Liferay series and the "Additional Resources" here
- What will happen with Liferay 7?
- OAuth, and the related Radio Liferay episode 44 with Stian
- SQRL (disclaimer: I misled Tom by mispronouncing this library - he's aware, but there's no implementation - yet - for Liferay)
Follow @RadioLiferay, @topolik (Tom) and @olafk (me) on Twitter.
You'll find this episode, and make sure that you don't miss any of the future episodes, by subscribing to http://feeds.feedburner.com/RadioLiferay. You can also subscribe on iTunes: just search for "Radio Liferay" or simply "Liferay" in the podcast directory. If you like this, make sure to write a review for the podcast directory of your choice, or leave your feedback on www.liferay.com/radio.
Or just download the MP3 here: