Strawman Security Policies
From OPeNDAP Documentation
1 Strawman Security Policies
These policies are currently in work by the Security Working Group.
1.1 General Policies
- A Chief Security Officer (CSO) and Deputy CSO for OPeNDAP.org shall be designated.
- OPeNDAP.org shall identify the specifications and software products for which it is the party responsible for addressing security vulnerabilities.
1.2 Incident Response Policies
- All communications regarding security incidents shall be by phone or encrypted email.
- All communications regarding security vulnerabilities shall be by phone or encrypted email, prior to general-audience announcements on vulnerabilities and their fixes.
- The organization or individuals reporting an incident or vulnerability shall not be identified to other parties.