less strict requirements, if needed, for security reviewers #142
Comments
ultrasaurus
added
the
assessment-process
|
Is this qualification to be a member, or to be a mentor? |
|
to be a mentor... latest idea is to simply call this role a "security reviewer" . -- should have referenced PR: https://github.com/cn-security/safe/pull/125/files#diff-e986a9a43ab06061c021c47c9a089b32 |
ultrasaurus
changed the title
|
perhaps instead of "strict" or other qualitative attributes, we enumerate the specific skills desired for a given review, eg:
and allow volunteers to self-identify with those skills via some tangible evidence:
then it becomes more of a mapping exercise of selecting a review team with members that cover the specific skills needed, recognizing that very few will have all the necessary (deep) domain expertise for a given review. |
|
This issue has been automatically marked as inactive because it has not had recent activity. |
|
Closing as overcome by events. Recent Security Assessment process updates refined this a little and seems to work for now. Can reopen/revisit later. |
At the moment, we can consider ourselves in "bootstrap" mode. The following qualification are a bit more representative of the current working group and could serve to facilitate a reasonable process if needed.
Qualifications
WG will strive to establish that the two mentors have diverse experience, covering some of the ideal qualifications below. Exemptions may be granted by the WG chairs, expected to bootstrap the process but only in extreme cases later on.
To aid in this process, WG members are encouraged to provide a profile with a synopsis of their background with respect to their relevant experience.
Requirements
Ideal
Note that it is encouraged to have participation (shadowing) from participants that are not
yet qualified to help them gain the necessary skills to be a SAFE mentor in the future.
The text was updated successfully, but these errors were encountered: