Administrative Security Review
Please provide an Administrative Security Review of the ORByT scientific software. Information on the policies and procedures related to USGS Software is available from this site:
A checklist outlining the overall process is attached:
USGS-Software-Planning-Checklist_NOV2019.docx
More specifically, refer to this page for details on the review process:
For convenience, here is the most relevant information for the purposes of this review request:
Administrative Security Review
All software must have an administrative security review before it is made publicly available by any method. This type of review ensures personal, private, or otherwise sensitive information is not included in the repository. Types of sensitive information include:
- Personally identifiable information (PII)
- Absolute file system paths
- Internal server host names or IP addresses
- Usernames/passwords
Administrative security reviews may be performed by any trusted person; the reviewer does not necessarily need a strong scientific or programming background. When migrating an existing project into any non-private Git repository, it is important to remember that the entire project history needs to be reviewed if that history is to be maintained after migration.
Review with Git
- Assign the issue to the reviewer.
- The reviewer will reply to the issue with review comments and notification that the review has been completed. This may involve iteratively responding to the reviewer through the Issue feature and updating the repository to resolve review comments.
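
A first-pass scan a reviewer could run before reading the repository by hand, added here as an example and not part of the USGS guidance or the ORByT project; the regular expressions, function names and sample patch are assumptions constructed for illustration. It walks `git log --all -p` output, so values removed from the current files but still present in history are reported.

```python
import re
import subprocess

# Assumed patterns, one per category in the checklist; tune them for the project.
PATTERNS = {
    "pii-email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "absolute-path": re.compile(r"(?:[A-Za-z]:\\|/(?:home|Users|mnt|srv)/)[^\s'\"]+"),
    "ip-address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "credential": re.compile(r"(?i)\b(?:user(?:name)?|passw(?:or)?d|pwd|token|secret)\b\s*[=:]\s*\S+"),
}

def scan_patch(patch_text):
    """Return (commit, file, category, text) for each added line that matches."""
    findings, commit, path = [], None, None
    for line in patch_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1][:12]
        elif line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif line.startswith("+"):
            for category, rx in PATTERNS.items():
                if rx.search(line[1:]):
                    findings.append((commit, path, category, line[1:].strip()))
    return findings

def scan_repo(repo_dir):
    """Scan every commit on every ref, not only the files checked out now."""
    cmd = ["git", "-C", repo_dir, "log", "--all", "-p", "--no-color"]
    run = subprocess.run(cmd, capture_output=True, text=True, errors="replace", check=True)
    return scan_patch(run.stdout)

# Constructed sample of `git log -p` output; commit 2222 removes what 1111 added.
SAMPLE = """\
commit 1111111111111111111111111111111111111111
diff --git a/config.py b/config.py
+++ b/config.py
@@ -0,0 +1,3 @@
+DATA_DIR = "/home/jdoe/projects/data"
+DB_HOST = "10.0.0.12"
+password = "example-only"
commit 2222222222222222222222222222222222222222
diff --git a/config.py b/config.py
+++ b/config.py
@@ -1 +1 @@
-DATA_DIR = "/home/jdoe/projects/data"
+DATA_DIR = "data"
"""
if __name__ == "__main__":
    print(*scan_patch(SAMPLE), sep="\n")
```

Hits are leads for the human reviewer, not a verdict. Commit messages and author fields are not scanned here and still need a manual look.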