mirror of https://github.com/status-im/swarms.git
90 lines
2.0 KiB
Markdown
---
id: 281-security-process-experiment-pilot
title: Security Process Experiment / Pilot
status: In Progress
created: 2018-07-25
category: core
lead-contributor: mandrigin
contributors:
- flexsurfer
- goranjovic
exit-criteria: yes
success-metrics: yes
clear-roles: yes
future-iterations: yes
roles-needed:
---

## Preamble

Idea: #281-security-process-experiment-pilot
Title: Security Process Experiment / Pilot
Status: In Progress
Created: 2018-07-25

The Security Experiment consists of a Security Process and potentially a few
one-time projects, like retroactively threat-modeling the app and setting up
the security-related automation features.

This experiment starts in a limited number of teams (pilot) and is to be
expanded if successful.

The pilot is limited to the `#core-wallet` and `#core-dapps` projects.

## Objectives

- build security culture in the organization;

- implement "security first" approach to building our projects.

## Key Results

- Security Champions are identified;

- There is a security-related community in the organization;

- The projects are built using the best practices of secure development
  (including automation);

- Each team has a security contact;

- All the new features get security & privacy assessments.

## Timeline / Checkpoints

Length of the experiment: 3 months

The experiment starts July 25th.

Check-ups:

- after month 1 (Aug 23rd)

  - assessment of key results and security perception/awareness within Status;

  - Polly check-ups with security champions;

  - Retrospective/1:1s with security champions;

  - Retrospective with each of the pilot teams.

## Exit Criteria

- 1 month has passed.

## Success Metrics

- New features in both wallet and dapps teams are being security-assessed and
  threat modelled if needed;

- Security Champions know their responsibilities;

- People in Status are aware of the security process.

## What exactly are we going to do?

See [Security Experiment @ docs.status.im](https://docs.status.im/docs/security_experiment.html)