Joomla Extension Secure Coding Policy

Here you can contact the editors of our Extensions site, as well as access information relating to this site.

Moderator: JED Team

sriz786
Joomla! Apprentice
Posts: 32
Joined: Sun Feb 18, 2007 5:40 am

Joomla Extension Secure Coding Policy

Post by sriz786 » Thu Jul 15, 2021 9:04 pm

Hello friends,
Joomla has a Governance responsibility to establish extension (JED Policy) for secure code development before publishing the extensions in JED.

Instead of requiring extension developers to meet secure coding, the best way to enforce extension secure coding requirements is by setting up an Extension secure code review before approval to publish in the JED.

The 2 most known secure coding review tools are:

1. https://www.zaproxy.org/

2. https://portswigger.net/burp/communitydownload

This will help the entire Joomla ecosystem, ensure to meet Joomla for security campaign and awareness and above all this is such a critical need that Joomla Foundation needs to mandate and implement the Joomla Extension secure code policy & tools to ensure Joomla users can have better secure environment using Joomla 4all.

Please advise.

Thank you,
Riz
Last edited by imanickam on Thu Jul 15, 2021 11:41 pm, edited 1 time in total.
Reason: Moved topic » from Security in Joomla! 3.x to extensions.joomla.org - Feedback/Information

Llewellyn
Joomla! Apprentice
Posts: 31
Joined: Sat Jun 14, 2008 10:45 am
Location: Windhoek, Namibia

Re: Joomla Extension Secure Coding Policy

Post by Llewellyn » Wed Sep 15, 2021 12:22 am

We have the JED checker and it is constantly being improved to achieve a measure of best practice and security.

Your proposal and involvement will be best realized by making a contribution to this initiative.

Please look for example at this code and see where we can improve, make a pull request or open an issue to start a more detailed conversation.

The reality is this extension can be installed and used to test any extension before submitting it to the JED, as this is the same tool we use.

Saying:
sriz786 wrote:
Thu Jul 15, 2021 9:04 pm
...Joomla Foundation needs to mandate and implement the Joomla Extension secure code policy & tools to ensure Joomla users can have better secure environment using Joomla 4all...
Just does not sound right, especially since we have tools and we do have a mandate and policies that many volunteers have worked very hard to establish over many years.

I understand, it could be that you did not know all this, or you may even think it's not enough... :pop

Truth is you can make a huge contribution yourself... just go over to the repository of the JED checker on GitHub, and let the collaboration begin ;)
<<ewe>>yn :geek:

Joomla Component Builder - Lead Developer

