id | title | status | created | category | lead-contributor | contributors | exit-criteria | success-metrics | clear-roles | future-iterations | roles-needed
---|---|---|---|---|---|---|---|---|---|---|---
281-security-process-experiment-pilot | Security Process Experiment / Pilot | In Progress | 2018-07-25 | core | mandrigin | | yes | yes | yes | yes |
Preamble
Idea: #281-security-process-experiment-pilot
Title: Security Process Experiment / Pilot
Status: In Progress
Created: 2018-07-25
The Security Experiment consists of a Security Process and potentially a few one-time projects, like retroactively threat-modeling the app and setting up the security-related automation features.
This experiment starts with a limited number of teams (pilot) and is to be expanded if successful.
The pilot is limited to the #core-wallet and #core-dapps projects.
Objectives
- build a security culture in the organization;
- implement a "security first" approach to building our projects.
Key Results
- Security Champions are identified;
- There is a security-related community in the organization;
- The projects are built using the best practices of secure development (including automation);
- Each team has a security contact;
- All the new features get security & privacy assessments.
Timeline / Checkpoints
Length of the experiment: 3 months
Experiment starts: July 25th
Check-ups:
- after month 1 (Aug 23rd)
  - assessment of key results and security perception/awareness within Status;
  - Polly check-ups with security champions;
  - Retrospective/1:1s with security champions;
  - Retrospective with each of the pilot teams.
Exit Criteria
- 1 month has passed;
Success Metrics
- New features in both the wallet and dapps teams are being security-assessed and threat-modelled if needed;
- Security Champions know their responsibilities;
- People in Status are aware of the security process.