Security review
From: Libor Polčák
Subject: Security review
Date: Tue, 4 Jan 2022 15:00:02 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 SeaMonkey/2.53.9.1
Hello all,
see below the details of the security review for the project. Who wants to
attend? I think that me and Giorgio are the most critical. Martin, Marek, and
Matúš can join if they wish.
I think that we should try to schedule the review between 17.1. and 4.2. Do
you have any preferred time? Do you have any time to avoid? Please let me know
by the end of the week.
Thanks
Libor
-------- Security review --------
*Getting started*
To get started with the basic security quickscan we would like to invite you to
our internal secure chat environment (a separate RocketChat instance). In the
chat you can directly communicate with a ROS auditor and follow along the
process of the quickscan. We call this concept Peek-Over-Our-Shoulder.
To onboard you to the chat, we need the full name and e-mail address of
everyone on your team you would like to involve. Once we receive the requested
information we will send you a link to set your password for our chat
environment and gitlab, and the client onboarding manual.
*Basic security quickscan*
The grant allocated two (2) person days for the basic security quickscan for
every NLnet NGI0 project. The two days will allow a ROS auditor to give you
high-level security advice about your project. The number of days is limited so
that we are able to support all the NLnet NGI0 projects. In case more days are
needed, this could be discussed with NLnet. We advise you to contact us sooner
rather than later for the basic security quickscan so we can go forward with
scheduling the quickscan and discussing how to help you based on your project
plan, expected milestones and outcomes.
*Stay in touch and informed*
Please keep in mind that due to the 2-day time constraint we believe it's
especially important to have a close communication loop so the allocated
resources can be used effectively. Therefore we encourage you to check in with
the chat regularly once the quickscan starts so that we can deliver the best
value for your project.