Establish Security Team

[freimair]

This is a Bisq Network project. Please familiarize yourself with the project management process.

Description

"In the wake of the Apr 7th security incident, it's clear that we need to take our security practices to the next level. " (cbeams)

The purpose of this project is to create and follow a roadmap to establish a security team in terms of management structure, its duties, authority and responsibilities.

Rationale

I propose and drive the following strategy to get to a point where a "security team" can be effective:

short intro video I will create a short video presentation where I introduce the idea of a security team by taking a look at the past and also by taking a look at the future, what happened already, what will happen eventually. In the course of the presentation I will be asking questions on how such a security team can look like, in terms of definitions, agenda and also how it can integrate with the Bisq DAO.
call agenda I will create a (template) gdoc accompanying the presentation where everyone is welcome to share their thoughts on the questions I asked. This very gdoc will become the agenda for the kickoff-call held week 20/2020.
call The call will have discussions and decisions on the agenda points. One followup call can be held if the discussion needs regrouping. I will host and moderate these calls.
let the DAO decide The outcome of the call(s) is going to be formed into a Bisq proposal ready to be accepted or rejected by the Bisq DAO in cycle 13 (around May 20th, 2020).
done If and only if the DAO approves the proposal, the information will be transcribed into the Bisq wiki and the security team can take up its work.

Why should it be done now?

bisq-network/admin#75

Criteria for delivery

• the DAO decided on the security team structure
• if it is decided that there is a security team similar to Dev/Growth/Ops/Support, then
  • create a proposal in bisq proposals
  • deliver a Team description in the bisq wiki
  • include duties
  • include authorities
  • include responsibilities
  • include an agenda covering short, mid and long term goals

Tasks

• create gdocs to hold agenda for the kickoff call
• create and publish kickoff presentation
• schedule and hold kickoff call
  - [ ] schedule and hold follow-up call if necessary
• create proposal to be voted on by the DAO to seal the security team
• transcribe contents of approved proposal to Bisq wiki

Notes

I set the labels according to the progress that is already made. Please adjust if necessary. Also, I skipped some headline because it seemed to me that it is already decided that we do this project and cannot guess why the admin team wants the security team.

[freimair]

• DAO proposal has been put up for voting in cycle 13 and has been accepted.

please see the details on deliverables there.

[cbeams]

Nit: When closing project (and proposal) issues please use the form "Closing as [status]'. In this case, "Closing as delivered" would be appropriate (followed by any additional notes). Adhering to this convention makes it easy to see at a glance why the issue was closed from the context of email notifications, obviating the need in many cases to click through to the web interface.

Thanks for adding the label appropriately.