...
- Establish a small (3-4 member) Security Issue Review (SIR) Team to look at any newly identified security-related issue that comes to the project’s attention. This team will be made up of the following: the Security WG chairperson, at least one other TSC member, and at least one person from the community with a security and threat assessment background. The SIR Team and the project will address the issue per the Response Process outlined below.
- The SIR Team will be chosen each year at the time of the EdgeX TSC voting. [Allowing for this to be by volunteerism, vote, or selection]
- The TSC will approve the SIR Team members.
- The Security WG chairperson will appoint replacements in the event that any member cannot complete their year of service.
- Establish a security mailing address (security-issues@edgexfoundryissues@lists.edgexfoundry.org) to allow the user community a means to report security issues to the project. Mail from this address will be automatically forwarded to the SIR Team. In the future, a public/private key system could be established to encrypt the data in the email to more securely pass the potential vulnerability to the SIR Team.
- Establish a security landing page to outline the following (this page should be reachable via the EdgeX Web site home page):
...