
Difference between revisions of "Summit 2011 Working Sessions/Session203/Deliverable 1"

From OWASP
(Created page with '== Deliverable 1 == '''OWASP Project Disclosure Policy''' To be filled in.')
 
Line 4: Line 4:
  
  
To be filled in.
+
=== Example Policies and Bylaws from Founding of the Apache Security Team ===
 +
 
 +
A. Reestablishing the Apache Security Team
 +
 +
      WHEREAS, the Board of Directors deems it to be in the best
 +
      interests of the Foundation and consistent with the
 +
      Foundation's purpose to establish the ASF Board Committee
 +
      charged with maintaining the security of software produced by
 +
      the various projects established under the ASF's umbrella,
 +
      but not for the security of the servers and other
 +
      infrastructure used by the ASF.
 +
 +
      NOW, THEREFORE, BE IT RESOLVED, that the ASF Board Committee,
 +
      known as the "Apache Security Team", be and hereby is
 +
      reestablished pursuant to Bylaws of the Foundation; and be it
 +
      further
 +
 +
      RESOLVED, that the Apache Security Team be and hereby is
 +
      responsible for organization and oversight of efforts to
 +
      maintain the security of ASF projects and shall act as a
 +
      single point of contact between the ASF and any entity
 +
      wishing to report or fix any security related issue in any
 +
      project.
 +
 +
      RESOLVED, that each project shall appoint at least one
 +
      non-voting liaison to the committee, who shall have commit
 +
      privilege for the project's repository, and the technical
 +
      ability to release new versions, advisories or security
 +
      patches on behalf of the project.
 +
 +
      RESOLVED, that the committee shall have the power to act on
 +
      behalf of any project in matters of security.
 +
 +
      RESOLVED, that Mark Cox shall serve at the direction of
 +
      the Board of Directors as the chair of the Security Team and
 +
      have primary responsibility for managing the Security Team;
 +
      and be it further
 +
 +
      RESOLVED, that the persons listed immediately below be and
 +
      hereby are appointed to serve as the members of the Apache
 +
      Security Team:
 +
 +
          Ben Laurie
 +
          Mark Cox
 +
 +
      There was some discussion over the small number of "initial"
 +
      members of the team. It was noted that it was expected that
 +
      new members would be added as soon as the team rebooted.
 +
 +
      Special Order 6A, Reestablishing the Apache Security Team, was
 +
      approved by Unanimous Vote.
 +
 
 +
=== Mozilla Security Policies ===
 +
 
 +
[https://www.mozilla.org/projects/security/security-bugs-policy.html https://www.mozilla.org/projects/security/security-bugs-policy.html]
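
Review bot: the resolution pasted under "Example Policies and Bylaws from Founding of the Apache Security Team" carries no link or date for the board minutes it was taken from, whereas the Mozilla section directly below gives its URL. Suggest adding the source reference under that heading. The deliverable is titled "OWASP Project Disclosure Policy", yet the added text contains no OWASP-specific wording, so a short note on which provisions are proposed for adoption (the single point of contact for reporters, the per-project liaison with the ability to release advisories and security patches) would make the example usable as a basis for the policy.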

Revision as of 11:54, 7 February 2011

Deliverable 1

OWASP Project Disclosure Policy


Example Policies and Bylaws from Founding of the Apache Security Team

A. Reestablishing the Apache Security Team

      WHEREAS, the Board of Directors deems it to be in the best
      interests of the Foundation and consistent with the
      Foundation's purpose to establish the ASF Board Committee
      charged with maintaining the security of software produced by
      the various projects established under the ASF's umbrella,
      but not for the security of the servers and other
      infrastructure used by the ASF.

      NOW, THEREFORE, BE IT RESOLVED, that the ASF Board Committee,
      known as the "Apache Security Team", be and hereby is
      reestablished pursuant to Bylaws of the Foundation; and be it
      further

      RESOLVED, that the Apache Security Team be and hereby is
      responsible for organization and oversight of efforts to
      maintain the security of ASF projects and shall act as a
      single point of contact between the ASF and any entity
      wishing to report or fix any security related issue in any
      project.

      RESOLVED, that each project shall appoint at least one
      non-voting liaison to the committee, who shall have commit
      privilege for the project's repository, and the technical
      ability to release new versions, advisories or security
      patches on behalf of the project.

      RESOLVED, that the committee shall have the power to act on
      behalf of any project in matters of security.

      RESOLVED, that Mark Cox shall serve at the direction of
      the Board of Directors as the chair of the Security Team and
      have primary responsibility for managing the Security Team;
      and be it further

      RESOLVED, that the persons listed immediately below be and
      hereby are appointed to serve as the members of the Apache
      Security Team:

          Ben Laurie
          Mark Cox

      There was some discussion over the small number of "initial"
      members of the team. It was noted that it was expected that
      new members would be added as soon as the team rebooted.

      Special Order 6A, Reestablishing the Apache Security Team, was
      approved by Unanimous Vote.

Mozilla Security Policies

https://www.mozilla.org/projects/security/security-bugs-policy.html