HUBzero, a NSF funded, open source software platform for building powerful Web sites and Science Gateways that support scientific discovery, learning, and collaboration, has requested CTSC expertise in help securing their operational processes.
As HUBzero moves forward, strengthening its software assurance process and its expansion into AWS in order to improve hub instantiation time, adaptability, and to accommodate more projects through lower-cost hub offerings, CTSC will engage with HUBzero to maintain a high level of operational security around hubs, and improve the quality of the underlying HUBzero framework and their content management system (CMS).
CTSC is excited to work with HUBzero in achieving the goals set forth within the engagement, including: developing a Master Information Security Policy and Procedures document in order to define and communicate a coherent, effective security strategy across all of HUBzero's new organizational structure, drafting a Software Assurance and Testing Policy for HUBzero’s developed and/or maintained software, generating a risk-aware workflow for HUBZero’s R&D process, facilitating on-site training to HUBzero staff for secure software engineering, and providing teleconferencing consultation to support HUBzero in their migration to AWS cloud services.
The engagement is scheduled to run until the end of the year. Upon completion, it is CTSC’s expectation that the processes developed, as well as the insights gained in this engagement will benefit HUBzero directly, improving the quality of the platform for the science that relies upon it. Additional benefits reaped during the six month period should provide models for dealing with similar challenges now and in the future across many other cyberinfrastructure projects.