canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/Process/Agile: Difference between revisions
Jump to navigation
Jump to search
→Tools
No edit summary |
(→Tools) |
||
| Line 8: | Line 8: | ||
*[https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHJlUVJ5TGcyYWZTbVlMOHBKU3Y4Z2c&usp=drive_web#gid=1 Sprint Overview GoogleDoc] | *[https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHJlUVJ5TGcyYWZTbVlMOHBKU3Y4Z2c&usp=drive_web#gid=1 Sprint Overview GoogleDoc] | ||
*[https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdFNtV0JNX091UWhKRTIxbTRKQl9FeHc&usp=drive_web#gid=0 StandUp GoogleDoc] | *[https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdFNtV0JNX091UWhKRTIxbTRKQl9FeHc&usp=drive_web#gid=0 StandUp GoogleDoc] | ||
* [Risk Rating table] https://wiki.mozilla.org/Security/RiskRatings | |||
==Preclearance criteria== | |||
Bugs that need risk review: | |||
* bugs not ready for a full appsec/opsec review but need a risk level assigned | |||
** if a bug does not have a [score= in the whiteboard we will assume the bug is in this category | |||
Bugs that need architecture review: | |||
* Bug has a risk rating of medium or higher | |||
* architecture diagrams are provided by the development team | |||
Bugs ready for code review: | |||
* bug has a risk review (i.e.[score=low] in the whiteboard) | |||
* code is complete and link to it’s repository has been provided | |||
* if necessary, a staging/dev environment has been provided for us that we can use to test against | |||
* architecture/data flow or other diagrams have been provided by the development team appropriate for the level of risk identified for the bug | |||