Frank Hecker wrote:
> LOL. I'm not qualified to be a "security director" for the Mozilla
> project; my only "skill" is writing turgid policy documents.

I wouldn't say that. Actually, any security director
would spend most of their time doing exactly that,
documents and consensus building.

Actual security work - bug fixing, new modules, and
all that ... - that's what the team should be doing,
IMHO.

> The closest equivalent to a "security director" right now is the
> security group module owner, who's currently Dan Veditz:
> http://www.mozilla.org/projects/security/secgrouplist.html

Dan, are you here? Any thoughts?

> I don't believe Dan works for the Mozilla Foundation, but in any case
> I think it would not be a bad idea for the MF to hire someone
> specifically to oversee security-related issues all across the
> product(s), including security vulnerabilities, security UI, crypto,
> etc. (And while they're at it, PSM needs a module owner too :-)

If MF has budget for this, I couldn't think of a better
use of funds. Having spent all that money building
a brand based on security, it might be good to start
preparing the dog food for the table ;)

Having said that, if such a person did come in, it
might be good to have a consensus with the rest of
the crew as to what said security lead can do .. and
not do.

Do you have a job process? Some form of board
approval needed?
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/