Experimenting With Better Practices

The Security Experiment consists of a Security Process and potentially a few
one-time projects, like retroactively threat-modeling the app and setting up
the security-related automation features.

This experiment starts with a limited number of teams (the pilot) and will be
expanded if successful.


  • build security culture in the organization;

  • implement a “security first” approach to building our projects.

Key Results

  • Security Champions are identified;

  • There is a security-related community in the organization;

  • The projects are built using the best practices of secure development
    (including automation);

  • Each team has a security contact;

  • All the new features get security & privacy assessments;

Timeline / Checkpoints

Length of the experiment: 3 months

Experiment starts July 25th


  • after month 1 (Aug 23rd)

    • assessment of key results and security perception/awareness within
      Status;

    • Polly check-ups with security champions;

    • Retrospective/1:1s with security champions;

    • Retrospective with each of the pilot teams.

  • after month 2 (Sept 24th): TBD

  • after month 3 (Oct 23rd): go/no-go decision + TBD


Pilot (month 1)

  • Wallet

  • DApps

Next up (if we are satisfied with the results):

  • Chat

  • Infra

  • Mobile-app

