---
id: 281-security-process-experiment-pilot
title: Security Process Experiment / Pilot
status: In Progress
created: 2018-07-25
category: core
lead-contributor: mandrigin
contributors:
- flexsurfer
- goranjovic
exit-criteria: yes
success-metrics: yes
clear-roles: yes
future-iterations: yes
roles-needed:
---
## Preamble
Idea: #281-security-process-experiment-pilot
Title: Security Process Experiment / Pilot
Status: In Progress
Created: 2018-07-25
The Security Experiment consists of a Security Process and potentially a few
one-time projects, like retroactively threat-modeling the app and setting up
the security-related automation features.
This experiment starts in a limited number of teams (the pilot) and is to be
expanded if successful.
The pilot is limited to the `#core-wallet` and `#core-dapps` projects.
## Objectives
- build security culture in the organization;
- implement "security first" approach to building our projects.
## Key Results
- Security Champions are identified;
- There is a security-related community in the organization;
- The projects are built using the best practices of secure development
(including automation);
- Each team has a security contact;
- All the new features get security & privacy assessments;
## Timeline / Checkpoints
Length of the experiment: 3 months
The experiment starts on July 25th
Check-ups:
- after month 1 (Aug 23rd)
- assessment of key results and security perception/awareness within Status;
- Polly check-ups with security champions;
- Retrospective/1:1s with security champions;
- Retrospective with each of the pilot teams.
## Exit Criteria
- 1 month has passed;
## Success Metrics
- New features in both the wallet and dapps teams are being security-assessed
and threat modelled if needed;
- Security Champions know their responsibilities;
- People in Status are aware of the security process.
## What exactly are we going to do?
See [Security Experiment @ docs.status.im](https://docs.status.im/docs/security_experiment.html)