ISRT_workflow.md

Islandora Security Response Team (ISRT)

  1. Received email forwarded from security@Islandora.ca.
  2. Respond to the person and gather more information on the reported issue.
  3. Create a Duraspace ticket, tagged as security or sensitive (TBD).
  4. Arrange to convene an ISRT call within 2 business days of the original report.
    Determine whether any additional people should be included in the call and/or resolution development:
    • Roadmap Committee member(s)
    • Committer(s)
    • Repository Maintainer(s)
    • Other
    Only private communication channels will be used until the fix is public.
  5. Develop an initial security assessment report of the risk and impact.
  6. If the Repository manager isn't involved, an ISRT member will be assigned as the tester and is excluded from code development for this fix.
  7. Send the initial report to a representative of the Islandora Foundation.
  8. Develop a fix with the decided parties.
  9. Provide a fix in the form of a patch or an update to the repository associated with the incident. README.md will be updated if needed.
  10. The assigned tester will test the patch when ready.
  11. A member that worked on the code will submit a pull request.
  12. The assigned tester will merge the pull request.
  13. A final report will be sent to ISIG and a representative of the Islandora Foundation.
  • Note: The only communication required to be public is the Duraspace ticket after the fix is accepted, and this will be done by a representative of the Islandora Foundation.

Occasionally an email will be sent to ISRT to determine which members wish to continue to be on the response team.

There is a set time to respond; otherwise it is assumed the member is no longer interested in volunteering for the ISRT responsibility.