Strawman Security Policies

From OPeNDAP Documentation
⧼opendap2-jumptonavigation⧽
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Strawman Security Policies

These policies are currently in work by the Security Working Group.

General Policies

  1. A Chief Security Officer (CSO) and Deputy CSO for OPeNDAP.org shall be designated.
  2. OPeNDAP.org shall identify the specifications and software products for which it is the party responsible for addressing security vulnerabilities.

Incident Response Policies

  1. All communications regarding security incidents shall be by phone or encrypted email.
  2. All communications regarding security vulnerabilities shall be by phone or encrypted email, prior to general-audience announcements on vulnerabilities and their fixes.
  3. The organization or individuals reporting an incident or vulnerability shall not be identified to other parties.