Confirmed users
491
edits
Security/Archived/TeamEmbedding: Difference between revisions
Jump to navigation
Jump to search
Security/Archived/TeamEmbedding (view source)
Revision as of 18:57, 13 February 2012
, 13 February 2012→What is team embedding?
| Line 1: | Line 1: | ||
==What is team embedding?== | ==What is team embedding?== | ||
*Security team member will attend the feature team's meetings, contribute to design, and potentially contribute to | |||
The Security Assurance team works across all development and innovation centers within Mozilla. Using an embedding strategy the SA team is involved with the design, planning, development and delivery of all products and applications. | |||
The Embedded Approach: | |||
* Establishes a cohesive approach where all parties have a vested interest in a successful project | |||
* Addresses security early in the life-cycle where changes are easier and less expensive | |||
* Increases efficiency by establishing the embedded security rep as an expert on the specific application / product | |||
* Functions across all portions of the organization to create a holistic view of organizational risk | |||
* Creates a centralized body of security expertise that can implement standardized security procedures across the organization | |||
Expectations: | |||
*Security team member will attend the feature team's meetings, contribute to design, and potentially contribute to implementation. | |||
*Expect to spend at least a few hours a week with the team. | *Expect to spend at least a few hours a week with the team. | ||
*Embedding does not mean you're on the hook to do all the reviewing yourself. If something needs a group security review, contact Curtis (curtisk) to get it scheduled. | *Embedding does not mean you're on the hook to do all the reviewing yourself. If something needs a group security review, contact Curtis (curtisk) to get it scheduled. | ||