Product Safety and Integrity - MediaWiki
Jump to content
From mediawiki.org
Translate this page
Languages:
Bahasa Indonesia
polski
русский
About the Foundation
Movement Resources
News and Events
Office of CEO
Advancement
Communications
Finance and Administration
Legal
Product and Technology
People
As the
Product Safety and Integrity
team, we are focused on the security and safety of editors, readers, users with extended rights, and everyone who makes the wikis work.
Back to Product and Technology
How we work
edit
We develop new tools and signals that enable more effective and precise moderation, and to defend against malicious automated traffic
We work closely with communities to help prevent abusive and policy-violating activity on our projects
We work with our infrastructure teams to respond to threats of scaled abuse
We maintain the security of our platform and the accounts of our users
Before the merger in 2025, there were two separate teams:
Product Security
, and
Trust and Safety Product
. The latter was formed in 2023 of Anti-Harassment Tools and Trust and Safety Tools. You may still find these names used in the documentation.
Projects
edit
Our work constitutes most of the objective
Wiki Experiences 4: Safety and Security
(WE4; owner:
Eric
).
Code in the brackets is used in the annual plans, and helps identify and report the projects (key results) and smaller pieces of work for each key result (
hypotheses
).
Incident Reporting System
(WE4.1; owner:
Madalina
) – allowing users to report immediate threats of harm to ensure we can learn about such incidents and take prompt action where necessary
Anti-abuse signals
(WE4.2; owner:
Kosta
) – allowing both the Foundation and users with extended rights to detect and prevent inauthentic and malicious activity on the wikis
Temporary Accounts
(WE4.4; owner:
Niharika
) – improving the privacy and safety of the unregistered editors by shielding their personally identifiable information
Account Security
(WE4.6; owner:
Roan
) – enforcing two-factor authentication on user accounts with privileges allowing to take security- or privacy-sensitive actions
People
Team leads
edit
Eric Mill
Group Product Manager
Niharika Kohli
Lead Product Manager
Madalina Ana
Senior Product Manager
Olga Kryva
Engineering Manager
Riku Silvola
Engineering Manager
Kosta Harlan
Principal Software Engineer
Roan Kattouw
Principal Software Engineer
Scott Bassett
Staff Security Engineer
Thalia Chan
Staff Software Engineer
Katie Coleman
Lead UX Designer
Kieran McCann
Lead UX Designer
Szymon Grabarczuk
Lead Movement Communications Specialist
Other team members
edit
vacant - apply!
Senior Software Engineer (Privacy)
Héctor Arroyo
Software Engineer
William Brown
Senior Software Engineer
Manfredi Martorana
Application Security Engineer
Maxim Postoronca
Senior Software Engineer
Aranya Prum
Privacy Engineer II
Sam Reed
Senior Security Engineer
Alex Sanford
Senior Software Engineer
Maryum Styles
Application Security Engineer
Marcin Szwarc
Software Engineer
Tran
Staff Software Engineer
People we work with
edit
Connie Chen
Senior Data Scientist
Emeka Chukwukere
Test Engineer III
Claudia Lo
Senior Design Researcher
Madi Moss
Senior Counsel
Zaree Singer
Lead Technical Program Manager
Martin Urbanec
Steward liaison with the team (volunteer)
Dom Walden
Test Engineer
Internal documentation
Metrics and instrumentation
edit
Temporary accounts dashboard
MediaModeration PhotoDNA Stats
Decision records
edit
2024-06-24 Mechanism for disabling temp accounts
2024-08-16-Approach for account reputation prototype
2024-09-24 Naming Special:GlobalContributions
2024-12-02-GlobalContributions will not support legacy IPs
2025-01-21 IP Auto-reveal
2025-02-04-IPReputation AbuseFilter variables for registered users
2025-02-05-IPoid-OpenSearch
2025-02-07 Placeholder temporary account
2025-05-21-Technical enforcement for thresholds
2025-06-04 Disabling CheckUser API on WMF wikis
CNA Partnership
edit
Since 2024, the Wikimedia Foundation is
an official partner of the Common Vulnerabilities and Exposures (CVE) program
CVE is an international effort to catalog publicly disclosed cybersecurity vulnerabilities.
This
partnership with the CVE program
allows us to instantly publish
common vulnerabilities and exposures
records that are affecting MediaWiki core and extensions, along with any other code the Foundation is a steward of.
CVEs are assigned based on the discretion of the PSI team and publicly announced in
this GitLab repository
To learn more about our Security Issue reporting process please check
out the process
Security issues are also announced quarterly on
the mediawiki-announce email list
The PSI team has internal security documentation on the
Supplemental Release Process
Connect with us
Subscribe to our newsletter
Eric
ericmill
wikimedia.org
) – the team leader
Szymon
sgrabarczuk
wikimedia.org
) – the Movement Communications person for the team
For product security issues:
Security/SOP/Requests For Service
For all other questions or if you require assistance in determining your security needs, email security-help
wikimedia.org
Tasks that follow
a recognized flow
will be at a minimum discussed by our team during our weekly clinic meeting
The Wikimedia Foundation, Inc is a nonprofit charitable organization dedicated to encouraging the growth, development and distribution of free, multilingual content, and to providing the full content of these wiki-based projects to the public free of charge.
Retrieved from "
Category
Product Safety and Integrity
Product Safety and Integrity
Add topic
US