diff --git a/SecurityPolicy.html b/SecurityPolicy.html index 0b38808..11cf53f 100644 --- a/SecurityPolicy.html +++ b/SecurityPolicy.html @@ -801,13 +801,13 @@ Additions to the team are approved by Board The primary tasks are:

  1. - Keep the code secure, + Keep the code secure in its operation,
  2. Fix security bugs, including incidents,
  3. Audit, Verify and sign-off proposed patches,
  4. - Assist Systems Administration team in inserting patches, + Guide Systems Administration team in inserting patches,
  5. Provide guidance for architecture,
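Review bot: "Keep the code secure in its operation" narrows item 1 from the original "Keep the code secure" without saying who now owns the security of the code at rest, i.e. the integrity of the repository that 7.3 describes; since the same patch also drops the 7.3 sentence on repository integrity, please either keep the broader wording or add an explicit item for repository integrity. The change of item 4 from "Assist" to "Guide Systems Administration team in inserting patches" likewise moves the hands-on responsibility to the Systems Administration team, which is fine if intended, but 7.6 (Handover) should then state that explicitly.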
@@ -821,25 +821,21 @@ In principle, anyone can submit code changes for approval.

7.3. Repository

-The application code and patches are maintained in a -central version control system by the +The application code and patches are maintained +in a central repository that is run by the software development team.

-

-The integrity of the central version control system -is crucial for the integrity of the applications running -on the critical systems. -

-

7.4. Review

-Patches are signed off by the team leader +At the minimum, +patches are signed off by the team leader or his designated reviewer. Each software change should be reviewed by a person other than the author. -Author and sign-off must be logged. +Author and signers-off must be logged. +The riskier the source is, the more reviews have to be done.

7.5. Test and Bugs

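Review bot: removing "The integrity of the central version control system is crucial for the integrity of the applications running on the critical systems." deletes the only stated rationale for protecting the repository, and replacing "central version control system" with "central repository" loses the requirement that the store is versioned; suggest keeping the integrity sentence (or moving it to 7.4) and retaining "version control" in the new wording. In 7.4, "The riskier the source is, the more reviews have to be done." is not actionable as written: define what makes a source riskier (for example contributions from outside the team, as 7.2 allows) and the minimum number of reviewers for each case. Also "signers-off" reads awkwardly; "Author and each reviewer who signed off must be logged." says the same thing, and "should be reviewed" alongside "must be logged" mixes requirement levels in one paragraph.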
@@ -853,9 +849,10 @@ Test status of each patch must be logged.

Software Development team maintains a bug system. Primary communications should go through this system. -Access should be granted to all software developers, -systems administrators, and patch contributors. -Access may be granted to other Members. +Management access should be granted to all software developers, +and systems administrators. +Bug submission access should be provided to +any Member that requests it.

7.6. Handover
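Review bot: the new access text drops "patch contributors", who were explicitly granted access in the replaced lines, while 7.2 still states that anyone can submit code changes; a contributor who is not a Member would have no way to track the bug their patch addresses, so either keep contributors in the bug-submission tier or state that contributors must be Members. "Management access" is also undefined in the visible text (it is presumably more than submission, but the policy should say what it permits), and there is a stray comma in "all software developers, and systems administrators."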