---
id: 281-security-process-experiment-pilot
title: Security Process Experiment / Pilot
status: In Progress
created: 2018-07-25
category: core
lead-contributor: mandrigin
contributors:
  - flexsurfer
  - goranjovic
exit-criteria: yes
success-metrics: yes
clear-roles: yes
future-iterations: yes
roles-needed:
---

## Preamble

Idea: #281-security-process-experiment-pilot
Title: Security Process Experiment / Pilot
Status: In Progress
Created: 2018-07-25

The Security Experiment consists of a Security Process and potentially a few one-time projects, such as retroactively threat-modeling the app and setting up security-related automation. The experiment starts in a limited number of teams (the pilot) and is to be expanded if successful.

The pilot is limited to the `#core-wallet` and `#core-dapps` projects.

## Objectives

- build a security culture in the organization;
- implement a "security first" approach to building our projects.

## Key Results

- Security Champions are identified;
- There is a security-related community in the organization;
- The projects are built using the best practices of secure development (including automation);
- Each team has a security contact;
- All new features get security & privacy assessments.

## Timeline / Checkpoints

Length of the experiment: 3 months

Experiment starts July 25th

Check-ups:

- after month 1 (Aug 23rd) - assessment of key results and security perception/awareness within Status;
- Polly check-ups with security champions;
- Retrospective/1:1s with security champions;
- Retrospective with each of the pilot teams.

## Exit Criteria

- 1 month has passed;

## Success Metrics

- New features in both the wallet and dapps teams are being security-assessed and threat-modeled if needed;
- Security Champions know their responsibilities;
- People in Status are aware of the security process.

## What exactly are we going to do?

See [Security Experiment @ docs.status.im](https://docs.status.im/docs/security_experiment.html)