Difference between revisions of "Summit 2011 Working Sessions/Session203/Deliverable 1"
Sandra Paiva (talk | contribs) (Created page with '== Deliverable 1 == '''OWASP Project Disclosure Policy''' To be filled in.') |
|||
| Line 4: | Line 4: | ||
| − | + | === Example Policies and Bylaws from Founding of the Apache Security Team === | |
| + | |||
| + | A. Reestablishing the Apache Security Team | ||
| + | |||
| + | WHEREAS, the Board of Directors deems it to be in the best | ||
| + | interests of the Foundation and consistent with the | ||
| + | Foundation's purpose to establish the ASF Board Committee | ||
| + | charged with maintaining the security of software produced by | ||
| + | the various projects established under the ASF's umbrella, | ||
| + | but not for the security of the servers and other | ||
| + | infrastructure used by the ASF. | ||
| + | |||
| + | NOW, THEREFORE, BE IT RESOLVED, that the ASF Board Committee, | ||
| + | known as the "Apache Security Team", be and hereby is | ||
| + | reestablished pursuant to Bylaws of the Foundation; and be it | ||
| + | further | ||
| + | |||
| + | RESOLVED, that the Apache Security Team be and hereby is | ||
| + | responsible for organization and oversight of efforts to | ||
| + | maintain the security of ASF projects and shall act as a | ||
| + | single point of contact between the ASF and any entity | ||
| + | wishing to report or fix any security related issue in any | ||
| + | project. | ||
| + | |||
| + | RESOLVED, that each project shall appoint at least one | ||
| + | non-voting liaison to the committee, who shall have commit | ||
| + | privilege for the project's repository, and the technical | ||
| + | ability to release new versions, advisories or security | ||
| + | patches on behalf of the project. | ||
| + | |||
| + | RESOLVED, that the committee shall have the power to act on | ||
| + | behalf of any project in matters of security. | ||
| + | |||
| + | RESOLVED, that Mark Cox shall serve at the direction of | ||
| + | the Board of Directors as the chair of the Security Team and | ||
| + | have primary responsibility for managing the Security Team; | ||
| + | and be it further | ||
| + | |||
| + | RESOLVED, that the persons listed immediately below be and | ||
| + | hereby are appointed to serve as the members of the Apache | ||
| + | Security Team: | ||
| + | |||
| + | Ben Laurie | ||
| + | Mark Cox | ||
| + | |||
| + | There was some discussion over the small number of "initial" | ||
| + | members of the team. It was noted that it was expected that | ||
| + | new members would be added as soon as the team rebooted. | ||
| + | |||
| + | Special Order 6A, Reestablishing the Apache Security Team, was | ||
| + | approved by Unanimous Vote. | ||
| + | |||
| + | === Mozilla Security Policies === | ||
| + | |||
| + | [https://www.mozilla.org/projects/security/security-bugs-policy.html https://www.mozilla.org/projects/security/security-bugs-policy.html] | ||
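Review bot: The added Apache section, from its heading down to the "Special Order 6A" line, gives no source or date for the quoted board resolution, whereas the Mozilla section links its policy; add a reference to the ASF board minutes this text was taken from. The heading says "Founding" while the quoted text says the team is "reestablished", so the heading should be aligned with the resolution's own wording. The two closing paragraphs (the discussion of the "initial" members and the vote result) are minutes commentary rather than resolution text and would read more clearly if set off from the RESOLVED clauses.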
Revision as of 17:54, 7 February 2011
Deliverable 1

OWASP Project Disclosure Policy

Example Policies and Bylaws from Founding of the Apache Security Team

A. Reestablishing the Apache Security Team

WHEREAS, the Board of Directors deems it to be in the best
interests of the Foundation and consistent with the
Foundation's purpose to establish the ASF Board Committee
charged with maintaining the security of software produced by
the various projects established under the ASF's umbrella,
but not for the security of the servers and other
infrastructure used by the ASF.

NOW, THEREFORE, BE IT RESOLVED, that the ASF Board Committee,
known as the "Apache Security Team", be and hereby is
reestablished pursuant to Bylaws of the Foundation; and be it
further

RESOLVED, that the Apache Security Team be and hereby is
responsible for organization and oversight of efforts to
maintain the security of ASF projects and shall act as a
single point of contact between the ASF and any entity
wishing to report or fix any security related issue in any
project.

RESOLVED, that each project shall appoint at least one
non-voting liaison to the committee, who shall have commit
privilege for the project's repository, and the technical
ability to release new versions, advisories or security
patches on behalf of the project.

RESOLVED, that the committee shall have the power to act on
behalf of any project in matters of security.

RESOLVED, that Mark Cox shall serve at the direction of
the Board of Directors as the chair of the Security Team and
have primary responsibility for managing the Security Team;
and be it further

RESOLVED, that the persons listed immediately below be and
hereby are appointed to serve as the members of the Apache
Security Team:

Ben Laurie
Mark Cox

There was some discussion over the small number of "initial"
members of the team. It was noted that it was expected that
new members would be added as soon as the team rebooted.

Special Order 6A, Reestablishing the Apache Security Team, was
approved by Unanimous Vote.

Mozilla Security Policies

https://www.mozilla.org/projects/security/security-bugs-policy.html