> The initial point of contact for the majority of our services is now a
> consistent Request For Services [2] (RFS) form [3].
Do I need a coversheet?
https://www.youtube.com/watch?v=Fy3rjQGc6lA
On Tue, Jan 28, 2020 at 4:13 PM John Bennett <jbennett(a)wikimedia.org> wrote:
> Hello,
>
> In an effort to create a repeatable and streamlined process for consumption
> of security services the Security Team has been working on changes and
> improvements to our workflows. Much of this effort is an attempt to
> consolidate work intake for our team in order to more effectively
> communicate status, priority and scheduling. This is step 1 and we expect
> future changes as our tooling, capabilities and processes mature.
>
> *How to collaborate with the Security Team*
>
> The Security Team works in an iterative manner to build new and mature
> existing security services as we face new threats and identify new risks.
> For a list of currently deployed services please review our services [1]
> page.
>
> The initial point of contact for the majority of our services is now a
> consistent Request For Services [2] (RFS) form [3].
>
> The two workflow exceptions to RFS are the Privacy Engineering [4] service
> and Security Readiness Review [5] process which already had established
> methods that are working well.
>
> If the RFS forms are confusing or don't lead you to the answers you need
> try security-help(a)wikimedia.org to get assistance with finding the right
> service, process, or person.
>
> security(a)wikimedia.org will continue to be our primary external reporting
> channel.
>
> *Coming changes in Phabricator*
>
> We will be disabling the workboard on the #Privacy [6] project. This
> workboard is not actively or consistently cultivated and often confuses
> those who interact with it. #Privacy is a legitimate tag to be used in
> many cases, but the resourced privacy contingent within the Security Team
> will be using the #privacy engineering [7] component.
>
> We will be disabling the workboard for the #Security [8] project. Like the
> #Privacy project this workboard is not actively or consistently cultivated
> and is confusing. Tasks which are actively resourced should have an
> associated group [9] tag such as #Security Team [10].
>
> The #Security project will be broken up into subprojects [11] with
> meaningful names that indicate user relation to the #Security landscape.
> This is in service to #Security no longer serving double duty as an ACL and
> a group project. An ACL*Security-Issues project will be created and
> #Security will still be available to link cross cutting issues, but will
> also allow equal footing for membership for all Phabricator users.
>
> *Other Changes*
>
> A quick callout to the consistency [12] and Gerrit sections of our team
> handbook [13]. As a team we have agreed that all changesets we interact on
> need a linked task with the #security-team tag.
>
> security@ will soon be managed as a Google group collaborative inbox [14]
> as outlined in T243446.
>
> Thanks
> John
>
> [1] Security Services
> https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Services
> [2] Security RFS docs
> https://www.mediawiki.org/wiki/Security/SOP/Requests_For_Service
> [3] RFS form
> https://phabricator.wikimedia.org/maniphest/task/edit/form/72/
> [4] Privacy Engineering RFS
> https://form.asana.com/?hash=554c8a8dbf8e96b2612c15eba479287f9ecce3cbaa09e2…
> [5] Readiness Review SOP
> https://www.mediawiki.org/wiki/Security/SOP/Security_Readiness_Reviews
> [6] Phab Privacy tag
> https://phabricator.wikimedia.org/tag/privacy/
> [7] Privacy Engineering Project
> https://phabricator.wikimedia.org/project/view/4425/
> [8] Security Tag
> https://phabricator.wikimedia.org/tag/security/
> [9] Phab Project types
> https://www.mediawiki.org/wiki/Phabricator/Project_management#Types_of_Proj…
> [10] Security Team tag
> https://phabricator.wikimedia.org/tag/security-team/
> [11] Security Sub Projects
> https://phabricator.wikimedia.org/project/subprojects/4420/
> [12] Security Team Handbook
> https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Handbook#Consistency
> [13] Secteam handbook-gerrit
> https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Handbook#Gerrit
> [14] Google collab inbox
> https://support.google.com/a/answer/167430?hl=en
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l(a)lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l