All, Thanks! If your company wants security in AllSeen, and you know someone with a strong background in security, please encourage them to volunteer for four hours per month in helping review interfaces. If they are interested, they can either volunteer on this thread, or contact me privately bwitten @ symantec ..com -- Interfaces reviews are not "line by line" reviews of .cpp files, just the interface definitions, not very onerous, just 4 hours/month if we share the load together.
Thanks Again Either Way! Best, Brian ________________________________________ From: Lioy, Marcello [[email protected]] Sent: Thursday, March 17, 2016 12:13 PM To: Brian Witten; [email protected]; [email protected]; [email protected]; '[email protected]' Subject: RE: IRB - More Security Review Experts Needed! I would like to echo Brian's call for security reviewers to support the work the IRB is doing. I think we all agree that security is foundational and should not be "bolted on after" as it so often is. This implies that we need people with a security expertise looking at the interfaces which are the low level basis of our interoperability. So I ask members to try and identify someone in their organization that has some security expertise to have some time allocated to ensure that the work being done is sound. Thank you. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Brian Witten Sent: Thursday, March 10, 2016 12:39 PM To: [email protected]; [email protected] Subject: [Allseen-core] IRB - More Security Review Experts Needed! Hi Everyone, I believe that we're down to three active security reviewers. Please LMK if (a) if you are willing to do 1 interface review per month, and you have a strong security background, ** or ** (b) you know someone with a strong security background who might be willing to do one interface review per month. Currently active security reviewers, unless I've made a mistake: ** Greg Zaverucha, Microsoft, http://research.microsoft.com/en-us/people/gregz/ ** Brian Witten, Symantec, https://www.linkedin.com/in/bwitten ** Gerrit Ruelens, QEO, http://allseenalliancesummit2014.sched.org/speaker/gerritruelens --> Please LMK any corrections if I've made a mistake here. Thanks Again Either Way! Best, Brian ________________________________________ From: Brian Witten Sent: Tuesday, November 17, 2015 9:26 PM To: Dan Shumow; [email protected]; [email protected]; [email protected]; [email protected] Subject: IRB - More Security Review Experts Needed! All, As AllSeen releases Security 2.0 with 15.09, a number of the security engineers who came "onto" the AllJoyn project to help with Security 2.0 are now rotating into new roles within their companies, less involved with AllJoyn/AllSeen. In fact, with both Cameron McDonald and Dan Shumow moving into new roles, we are now (again) looking for volunteers to participate as "Security Experts" in the Interface Review Board (IRB) process. If you are interested in being recognized as a Security Expert and helping with IRB security reviews, please let me know. This is a great way to both get more involved in AllSeen, and get more community recognition for your security experience. Candidates need to be approved by the AllSeen Technical Steering Committee (TSC), but anyone from any member company can apply, including "community" and "sponsored" members. You do _NOT_ need to be a voting member of the SSC. Current IRB "Security Review Experts" are copied on this note and listed below. If we don't get enough volunteers from within the SSC, then we'll ask for volunteers from the AllSeen Core and AllSeen Community mailing lists. In parallel, I'm also asking a few colleagues within Symantec who might be interested. Ideally, we'd have six to eight such experts. Once or twice a month we have a new set of interfaces to review, but having six to eight reviewers lets the reviews rotate such that the commitment shoul dn't need to be more than one review per quarter. Dan Shumow, Microsoft, http://research.microsoft.com/en-us/people/danshu/ Greg Zaverucha, Microsoft, http://research.microsoft.com/en-us/people/gregz/ Gerrit Ruelens, QEO, http://allseenalliancesummit2014.sched.org/speaker/gerritruelens Cameron McDonald, Qualcomm, http://www.researchgate.net/profile/Cameron_Mcdonald2 Brian Witten, Symantec, https://www.linkedin.com/in/bwitten Perhaps most importantly, if this isn't a fit for you personally, ask yourself, "do you know any security experts who might enjoy contributing in this manner?" Last, please don't hesitate to let me know any questions - Always, Brian _______________________________________________ Allseen-core mailing list [email protected] https://lists.allseenalliance.org/mailman/listinfo/allseen-core _______________________________________________ Allseen-core mailing list [email protected] https://lists.allseenalliance.org/mailman/listinfo/allseen-core
