[bisq-network/projects] Establish Security Team (#33)

Florian Reimair notifications at github.com
Wed May 6 07:41:22 UTC 2020

> _This is a Bisq Network project. Please familiarize yourself with the [project management process](https://bisq.wiki/Project_management)._

## Description
<!-- Briefly summarize the proposed project. Strive for one or two sentences of plain language that any user, contributor or stakeholder will understand. -->

"In the wake of the Apr 7th security incident, it's clear that we need to take our security practices to the next level. " ([cbeams](https://github.com/bisq-network/admin/issues/75))

The purpose of this project is to create and follow a roadmap to establish a security team in terms of management structure, its duties, authority and responsibilities.

## Rationale
<!-- Make the case for the the project. Why is it important? Why should it be done now? What will happen if we don't do it or delay doing it? -->

I propose and drive the following strategy to get to a point where a "security team" can be effective:

**short intro video** I will create a short video presentation where I introduce the idea of a security team by taking a look at the past and also by taking a look at the future, what happened already, what will happen eventually. In the course of the presentation I will be asking questions on how such a security team can look like, in terms of definitions, agenda and also how it can integrate with the Bisq DAO.
**call agenda** I will create a (template) gdoc accompanying the presentation where everyone is welcome to share their thoughts on the questions I asked. This very gdoc will become the agenda for the kickoff-call held week 20/2020.
**call** The call will have discussions and decisions on the agenda points. One followup call can be held if the discussion needs regrouping. I will host and moderate these calls.
**let the DAO decide** The outcome of the call(s) is going to be formed into a [Bisq proposal](https://github.com/bisq-network/proposals) ready to be accepted or rejected by the Bisq DAO in cycle 13 (around May 20th, 2020).
**done** If and only if the DAO approves the proposal, the information will be transcribed into the Bisq wiki and the security team can take up its work.

#### Why should it be done now?


## Criteria for delivery
<!-- Make a checklist defining the end state of the project. How will we know that the project is complete, i.e. delivered? What will exist at the completion of this project that does not exist now? What will have changed? What communications, promotions and/or documentation will exist to ensure people know about these changes? -->

- [ ] the DAO decided on the security team structure
- [ ] if it is decided that there is a security team similar to Dev/Growth/Ops/Support, then 
  - create a proposal in [bisq proposals](https://github.com/bisq-network/proposals)
  - deliver a Team description in the [bisq wiki](https://bisq.wiki/Category:Contributor_Docs)
  - include duties
  - include authorities
  - include responsibilities
  - include an agenda covering short, mid and long term goals

## Tasks
<!-- Make a checklist defining in as much detail as is foreseeable who will need to do what in order to deliver the project. The checklist may be modified throughout the course of the project as new tasks emerge. Alternatively, once the project proposal is approved, you may choose to migrate the task checklist to a dedicated GitHub project board. -->

- [ ] create gdocs to hold agenda for the kickoff call
- [ ] create and publish kickoff presentation
- [ ] schedule and hold kickoff call
- [ ] schedule and hold follow-up call if necessary
- [ ] create [proposal](https://github.com/bisq-network/proposals) to be voted on by the DAO to seal the security team
- [ ] transcribe contents of approved proposal to Bisq wiki

## Notes
<!-- Include anything else worth mentioning about this project. This section is optional and should be omitted if empty. -->

I set the labels according to the progress that is already made. Please adjust if necessary. Also, I skipped some headline because it seemed to me that it is already decided that we do this project and cannot guess why the admin team wants the security team.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20200506/7c42c277/attachment-0001.html>

More information about the bisq-github mailing list