mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
Handbook: Security rituals update. (#5317)
* Handbook: Security rituals update. Added a table with security team's rituals in the table format provided by Mike T and approved by Mike M.

* Update security.md

Fixed a few typos

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>
This commit is contained in:
parent 15de798e78
commit ed66fac362
1 changed file with 18 additions and 0 deletions
@ -792,6 +792,24 @@ We use [Dependabot](https://github.com/dependabot) to create pull requests to up
We ensure the fixes to vulnerable dependencies are also performed according to our remediation timeline. We fix as many dependencies as possible in a single release.
## Security Rituals
| Ritual | Frequency | Description | DRI |
|:-----------------------------|:-----------------------------|:----------------------------------------------------|-------------------|
| Security notifications check | Daily | Check Slack, Google, Vanta and Fleet dogfood for security related notifications. | Guillaume Ross |
| GitHub check | Weekly | Check GitHub security issues for anything pending analysis or prioritization. | Guillaume Ross |
| Iteration planning | Every three weeks | Prioritize issues in GitHub security project for the next iteration. | Guillaume Ross |
| YubiKey adoption | Monthly | Track YubiKey adoption in Google workspace and follow up with those that aren't using it. | Guillaume Ross |
| Dogfood policy update | Monthly | Edit Fleet dogfood policies that check for version numbers of Chrome, Docker and macOS. | Guillaume Ross |
| Security blog post | Monthly | Publish a security related blog post to Fleet's blog. | Guillaume Ross |
| Security lunch & learn | Monthly | Educational live stream session on cybersecurity for Fleet employees, sessions are later shared for public consumption on YouTube. | Guillaume Ross |
| MDM device enrollment | Quarterly | Provide export of MDM enrolled devices to ops team. | Guillaume Ross |
| Access revalidation | Quarterly | Review critical access groups to make sure they contain only relevant people. | Guillaume Ross |
| Snyk scan | Quarterly | Scan Fleet repo with Snyk to identify important vulnerabilities that were not identified by GitHub. | Guillaume Ross |
| Security conference review | Quarterly | Look at upcoming security conferences and work with the growth team to determine whether Fleet should submit to attend. | Guillaume Ross |
| Security policy update | Annually | Update security policies and have them approved by the CEO. | Guillaume Ross |
## Slack channels
This group maintains the following [Slack channels](https://fleetdm.com/handbook/company#group-slack-channels):
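Review bot: every row of the new Security Rituals table names the same single DRI, so the cadence has no coverage when that person is unavailable; consider a backup DRI column, or at least a sentence under the table stating who picks up the daily "Security notifications check" and the weekly "GitHub check" in their absence. Two smaller points: the heading `## Security Rituals` is title case while the adjacent `## Slack channels` heading (and the commit title itself, "Security rituals") use sentence case, so `## Security rituals` would match the handbook's convention; and rows such as "Snyk scan" and "Access revalidation" say what is checked but not where the outcome is recorded, so a reader cannot tell how completion is evidenced. An "Evidence" or "Output" column, or a short note below the table, would close that gap.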