
Project Proposal for Security Response Team


Andi Rowley <andi.rowley@...>
 

Dear FD.io TSC,
I'd like to propose a project for assembling a security response team.
Please see https://wiki.fd.io/index.php?title=Project_Proposals/SRT for details.

It would be great to get your support. If there is anyone else interested in volunteering, please let us
know within the next two weeks.

Thank you

Andi Rowley


Joel Halpern
 

I am a little confused by your request.  The TSC has organized a security response team and approved its membership.  The team is working on refining its charter, found at:

 

https://wiki.fd.io/view/TSC:Vulnerability_Management

 

We should probably make that more visible, but I have been waiting for the team to do their edits, so the TSC can approve that process.

You can find the team membership in the minutes of the meeting from June 9.

 

Yours,

Joel

 

PS: Security Response is not well-modeled as a project, which is why this is being handled differently.

 

From: tsc-bounces@... [mailto:tsc-bounces@...] On Behalf Of Andi Rowley
Sent: Monday, July 25, 2016 3:05 PM
To: tsc@...
Subject: [tsc] Project Proposal for Security Response Team

 

Dear FD.io TSC,
I'd like to propose a project for assembling a security response team.
Please see https://wiki.fd.io/index.php?title=Project_Proposals/SRT for details.
 
It would be great to get your support. If there is anyone else interested in volunteering, please let us
know within the next two weeks.
Thank you

Andi Rowley


C.J. Collier
 

Hi Joel,

I happened to have Andi visit my office for something of an internship.  One of the topics which has drawn Andi's attention has been that of security vulnerabilities, threat modeling and response implementation, especially in the area of computer networks.  I know that we have had these topics broached at TSC meetings, but my understanding is that such a project does not yet have an official allocation of resources.  It might be a good idea for the team to contribute to the project proposal wiki page.

Some examples of some resources SRTs could use a sub-project for hosting or dealing with:


Andi,

I recommend that you review and, if you feel comfortable doing so, make some modifications to the wiki page Joel has indicated. 

https://wiki.fd.io/view/TSC:Vulnerability_Management

 Some changes you can make to the Proposal and TSC:Vuln. Mgmt page include
* copy from (proposal wiki) External Links -> to (vuln. mgmt. wiki) Reference procedures
* add the team members listed on the vuln. mgmt. page to the committers list on the SRT proposal.
**  Actually, I don't see any team members.  Check the history of the vuln. mgmt. page, and consider putting those contributors to the vuln. mgmt. page in the "initial committers" list on the proposal page.
* If Joel approves, copy the "initial committers" from the proposal page into a new section "=== Team Members ===" on the vuln. mgmt. page.

Let me know if I can clarify in any way, Joel,

Cheers,

C.J.



On Mon, Jul 25, 2016 at 12:56 PM, Joel Halpern <joel.halpern@...> wrote:

I am a little confused by your request.  The TSC has organized a security response team and approved its membership.  The team is working on refining its charter, found at:

 

https://wiki.fd.io/view/TSC:Vulnerability_Management

 

We should probably make that more visible, but I have been waiting for the team to do their edits, so the TSC can approve that process.

You can find the team membership in the minutes of the meeting from June 9.

 

Yours,

Joel

 

PS: Security Response is not well-modeled as a project, which is why this is being handled differently.

 


_______________________________________________
tsc mailing list
tsc@...
https://lists.fd.io/mailman/listinfo/tsc


Joel Halpern
 

The people approved are listed in the 9-June minutes.

They are the members of the team.

The reason for the structure is multi-fold, with the two most important being:

* The project structure is not well-suited to the needs of security response.
* The confidentiality requirements for handling incident reports require somewhat different handling than a regular project.

 

That said, if Andi would like to be added to the team, a summary of relevant background and interest sent to the team and the TSC would seem quite useful.

 

If he sees ways to edit the charter page, please also inform the team of the substance of the edits.

 

Yours,

Joel

 

From: C.J. Collier [mailto:cjcollier@...]
Sent: Monday, July 25, 2016 6:10 PM
To: Joel Halpern <joel.halpern@...>
Cc: tsc@...; andi.rowley@...
Subject: Re: [tsc] Project Proposal for Security Response Team

 

Hi Joel,

 

I happened to have Andi visit my office for something of an internship.  One of the topics which has drawn Andi's attention has been that of security vulnerabilities, threat modeling and response implementation, especially in the area of computer networks.  I know that we have had these topics broached at TSC meetings, but my understanding is that such a project does not yet have an official allocation of resources.  It might be a good idea for the team to contribute to the project proposal wiki page.

 

Some examples of some resources SRTs could use a sub-project for hosting or dealing with:

 

 

Andi,

 

I recommend that you review and, if you feel comfortable doing so, make some modifications to the wiki page Joel has indicated. 

 

https://wiki.fd.io/view/TSC:Vulnerability_Management

 

 Some changes you can make to the Proposal and TSC:Vuln. Mgmt page include

* copy from (proposal wiki) External Links -> to (vuln. mgmt. wiki) Reference procedures

* add the team members listed on the vuln. mgmt. page to the committers list on the SRT proposal.

**  Actually, I don't see any team members.  Check the history of the vuln. mgmt. page, and consider putting those contributors to the vuln. mgmt. page in the "initial committers" list on the proposal page.

* If Joel approves, copy the "initial committers" from the proposal page into a new section "=== Team Members ===" on the vuln. mgmt. page.

 

Let me know if I can clarify in any way, Joel,

 

Cheers,

 

C.J.

 

 

 
