Review and define actions related to Security Policy
Security Issue Policies and Processes
- We need to provide guidance and some notion of "safe harbor" so that people can feel free to report bugs/problems and not be concerns with legal implications. The thinking is that this should come from the OLF. Should be done by OLF Legal Council. Mike to raise with Ginny Boyer for action BY April 1, 2020.
- Need to define the support policy in terms of which versions will be supported and addressed with this policy. Should be defined by the Product Council - ideally completed by March 31, 2020. Mike to raise issue with Jesse BY April 1, 2020.
- Need to define the process by which this group is selected. This is not an honorary role - this is a commitment and work will need to be done as soon as issues come up. Tech Council will select the initial group. Each TC member will consider nominations for next meeting (April 1, 2020).
- Create a presence for security - including a place for this document to live so that it's public and available, and contacts, reporting methods and email addresses to be used are clear, how the members may (or may) not be mentioned, contacted, etc. Should be done by the (new) team
- Ideally target July 1, 2020 to have these completed