os-climate / os_c_data_commons

Repository for Data Commons platform architecture overview, as well as developer and user documentation
Apache License 2.0

Security incident - Handling #196

Open eoriorda opened 2 years ago

eoriorda commented 2 years ago

What's a better mechanism if someone reports an incident? Need a process to triage security incidents.

Set up regular scanning for leaked credentials. Incident management: clear path on how to report it and who manages the incident. security@osclimate.org is the email to report to; how it's handled after that is the part that needs clarity.

Potential to route it to support, and they can escalate to a hierarchy.

More details of the reported issues: https://github.com/os-climate/os_c_data_commons/issues/194

eoriorda commented 2 years ago
  1. Focus on resolving the incident first.
  2. Next: talk about what we do in the future. Red Hat and LF to talk about what the best practice should be and the urgency of handling issues. How to raise an incident, how to share, involve people.
  3. How do we proactively prevent these issues in the future? Suggest putting a group together.

Eric and Mikhail will lead this.

HeatherAck commented 2 years ago

Need documentation on how to initiate an incident and how to handle security in general.
Heather to add Eric and Mikhail as moderators to the email distro list.

HeatherAck commented 2 years ago

Heather added Eric/Mikhail/Ryan to the distro.
Eric to get OpenSSF guidelines from LF.

HeatherAck commented 2 years ago

@HeatherAck to set up a meeting to go through the guidelines with @MightyNerdEric and align on an action plan.

HeatherAck commented 2 years ago

Meeting scheduled for Thurs 6-Oct.

HeatherAck commented 2 years ago

@HeatherAck: review the OpenSSF guidelines and recommend a schedule and timing of the various steps.

HeatherAck commented 1 year ago

In progress; list partially completed.

HeatherAck commented 1 year ago

Finish this week.