The purpose of the Security team is to define which risks the company is exposed to and mitigate them to a business-acceptable level.
We need to make sure security best practices are applied, guarantee the security of our applications, and find and respond to new vulnerabilities and incidents, ensuring the confidentiality, integrity, and availability of our services.
- Giovani Salvador: Senior Manager
- Hiago Hubert: Senior Security Engineer
- Renata Juraski: Junior Security Engineer
- Company Scale - Scale and build a strong (Security) Team (while securing other teams' growth)
- Revenue Stream - Grow the business, driving ARR
- Customer Centric - Productize internal services or processes, applying a CC-attitude
- Enterprise Product - Establish industry leadership as B2B comms platform
- Community Engagement - Increase dev relationships (incl. White hats)
The objective of the security team is to help everyone to keep Rocket.Chat and our customers secure. We can only achieve that when we all work together!
Discussion Channels
- RC security channel - day-to-day conversation, invite on request
- RC important - company-wide announcements
- RC-security-team - team-internal conversations, all team members are added during onboarding
Mailing lists
- Security mailing list - all things related to security
- Privacy mailing list - all things related to [email protected]
Public
- Security solutions - summary of security features of the product
- Invitation to contribute to security - Disclosure policy
Reporting or communicating incidents and vulnerabilities
- Security mailing list
- Reach out to any of the security team members listed here
- Refer to the internal handbook page in this link.
Playbooks help us to standardize certain processes around security and enable transparency on how we work. The following are the security playbooks.
Refer to Security Playbooks