Strawman Security Policies

These policies are currently under development by the Security Working Group.

1.1 General Policies

  1. A Chief Security Officer (CSO) and Deputy CSO for shall be designated.
  2. shall identify the specifications and software products for which it is the party responsible for addressing security vulnerabilities.

1.2 Incident Response Policies

  1. All communications regarding security incidents shall be by phone or encrypted email.
  2. All communications regarding security vulnerabilities shall be by phone or encrypted email, prior to general-audience announcements on vulnerabilities and their fixes.
  3. The organization or individuals reporting an incident or vulnerability shall not be identified to other parties.