- Introducing David Jorm, security response process expert
Re: Introducing David Jorm, security response process expert
Thank you for the work, I will add it to the TSC agenda for tomorrow. Will you be able to attend to discuss it (8am PST)? If so, do you have any constraints on your time that would influence when in the agenda we cover it (needing to leave before the end of the meeting for example)?
On Wed, May 18, 2016 at 1:20 AM, David Jorm <david.jorm@...>
This process is based on the one I developed for OpenDaylight, but has been simplified to suit fd.io. I think the next steps are to send out a call for participation on the security team, form that team to review and approve the process, then turn our attention to implementation. Here is some text for the call for participation, which I think should come from a more established member of the community rather than from me:
grows and matures, we realize it is important to establish a vulnerability management process and a security team to define and execute it. We're looking for a small group of security-minded people who can form this team. Responsibilities will include:
* Reading and triaging incoming reports of security issues
* Producing patches for security issues as a top priority
* Maintaining confidentiality of security issues until they are patched and publicly disclosed
* Writing advisories to communicate information about security issues and patches to the community
We have David Jorm, an experienced security engineer, onboard to lead the team and define the process, so don't worry if you aren't a security expert. Anyone who is an active fd.io developer or other contributor would be welcome to join the team. If you are interested, please let the TSC know.