Difference between revisions of "Project Proposals/SRT"

Latest revision as of 17:15, 13 August 2016

Name

Security Response Team

Project Contact Name and Email

Andi Rowley <andi.rowley@c9h.org>

Repository Name

srt

Description

Key security activities performed by the SRT include:

• Conduct the risk assessment and use the results to supplement the base line security controls;

• Analyze security requirements;

• Perform functional and security testing;

• Prepare initial documents for system certification and accreditation; and

• Design security architecture.

• Maintain CPE registrations with the NIST on behalf of all FD.io projects

• Monitor National Vulnerability Database for issues which may apply to CPEs registered by FD.io

Scope

The scope of this project includes

• Security aspects of SDLC
• Development and maintenance of security response SOPs
• Development and Management of security policy documents
• NIST CPEs

Initial Committers

Vendor Neutral

No issue regarding vendor neutrality.

Meets Board Policy (including IPR, being within Board defined Scope etc)

Meets board policy as expressed in Technical Community Charter and IP Policy

Administrata

• Request for Project proposal consideration
  • Email
  • Date: July 25th 2016

External links

• http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-64r2.pdf
• https://nvd.nist.gov/cpe.cfm
• https://web.nvd.nist.gov/view/vuln/search
• https://wiki.debian.org/Teams/Security