I sort-of offered to Petr that I would have a go at re-writing the part of the Moodle coding guidelines relating to security, that is Development:Security. I thought it would be worth expanding them to explain a bit more about the types of security vulnerability we need to avoid, as well as just telling developers do this, do that.
I just had a go at writing a bit of it, and I realised that it would be too long as a single page, so I am proposing one index page (mock-up on Development_talk:Security), linking to separate pages for each type of vulnerability, like Development:Security:Cross-site_request_forgery.
What do people think about that format?
OK, well I have several comments offline that the new format was good, and I wanted to avoid doing any real work today, so Development:Security is now basically done. What we need now is for lots of people to review it, and fill in the bits I missed, and make other improvements. Thanks.
Brilliant job, as usual, Tim. Thank you so much.