> The initial point of contact for the majority of our services is now a > consistent Request For Services [2] (RFS) form [3].
Do I need a coversheet ? https://www.youtube.com/watch?v=Fy3rjQGc6lA On Tue, Jan 28, 2020 at 4:13 PM John Bennett <[email protected]> wrote: > Hello, > > In an effort to create a repeatable and streamlined process for consumption > of security services the Security Team has been working on changes and > improvements to our workflows. Much of this effort is an attempt to > consolidate work intake for our team in order to more effectively > communicate status, priority and scheduling. This is step 1 and we expect > future changes as our tooling, capabilities and processes mature. > > *How to collaborate with the Security Team* > > The Security Team works in an iterative manner to build new and mature > existing security services as we face new threats and identify new risks. > For a list of currently deployed services please review our services [1] > page. > > The initial point of contact for the majority of our services is now a > consistent Request For Services [2] (RFS) form [3]. > > The two workflow exceptions to RFS are the Privacy Engineering [4] service > and Security Readiness Review [5] process which already had established > methods that are working well. > > If the RFS forms are confusing or don't lead you to the answers you need > try [email protected] to get assistance with finding the right > service, process, or person > > [email protected] will continue to be our primarily external > reporting > channel > > *Coming changes in Phabricator* > > We will be disabling the workboard on the #Privacy [6] project. This > workboard is not actively or consistently cultivated and often confuses > those who interact with it. #Privacy is a legitimate tag to be used in > many cases, but the resourced privacy contingent within the Security Team > will be using the #privacy engineering [7] component. > > We will be disabling the workboard for the #Security [8] project. Like the > #Privacy project this workboard is not actively or consistently cultivated > and is confusing. Tasks which are actively resourced should have an > associated group [9] tag such as #Security Team [10]. > > The #Security project will be broken up into subprojects [11] with > meaningful names that indicate user relation to the #Security landscape. > This is in service to #Security no longer serving double duty as an ACL and > a group project. An ACL*Security-Issues project will be created and > #Security will still be available to link cross cutting issues, but will > also allow equal footing for membership for all Phabricator users. > > *Other Changes* > > A quick callout to the consistency [12] and Gerrit sections of our team > handbook [13]. As a team we have agreed that all changesets we interact on > need a linked task with the #security-team tag. > > security@ will soon be managed as a Google group collaborative inbox [14] > as outlined in T243446. > > Thanks > John > > [1] Security Services > https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Services > [2] Security RFS docs > https://www.mediawiki.org/wiki/Security/SOP/Requests_For_Service > [3] RFS form > https://phabricator.wikimedia.org/maniphest/task/edit/form/72/ > [4] Privacy Engineering RFS > > https://form.asana.com/?hash=554c8a8dbf8e96b2612c15eba479287f9ecce3cbaa09e235243e691339ac8fa4&id=1143023741172306 > [5] Readiness Review SOP > https://www.mediawiki.org/wiki/Security/SOP/Security_Readiness_Reviews > [6] Phab Privacy tag > https://phabricator.wikimedia.org/tag/privacy/ > [7] Privacy Engineering Project > https://phabricator.wikimedia.org/project/view/4425/ > [8] Security Tag > https://phabricator.wikimedia.org/tag/security/ > [9] Phab Project types > > https://www.mediawiki.org/wiki/Phabricator/Project_management#Types_of_Projects > [10] Security Team tag > https://phabricator.wikimedia.org/tag/security-team/ > [11] Security Sub Projects > https://phabricator.wikimedia.org/project/subprojects/4420/ > [12] Security Team Handbook > https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Handbook#Consistency > [13] Secteam handbook-gerrit > https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Handbook#Gerrit > [14] Google collab inbox > https://support.google.com/a/answer/167430?hl=en > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
