Hi everyone,
I’d like to introduce Chris Steipp, who starts today as our Senior Security Engineer. Chris comes to us from Global Media Outreach, where he served as their CTO. Before that, he worked at Novacoast, doing security consulting. He went to school at Royal Hollaway in Egham, UK (just outside London).
The Software Security Engineer was originally conceived as a means of increasing our code review capacity. One bottleneck in our code review process was when a specific security review was needed, because most people aren’t as confident in themselves to perform a specific review for security, nor confident in each other. That led to a situation where we had one person (Tim Starling) who would be the bottleneck for complicated security reviews. Now with Chris on board, we have someone (else) whose job it is to do security reviews.
However, that won't be Chris's sole responsibility. A lot of Chris's time will be spent designing and developing new features and enhancing existing features of Wikimedia systems, with a particular focus on features requiring expertise in security (such as improved HTTPS support, better/different authentication features, and other handling of sensitive data).
Chris is a friendly and enthusiastic teacher, and is planning to lead secure development training for the organization.
Chris lives here in the SF Bay area with his (soon to be growing) family. Please join me in welcoming Chris!
Rob