diff --git a/SecurityPolicy.html b/SecurityPolicy.html index 49842cf..1a78fa9 100644 --- a/SecurityPolicy.html +++ b/SecurityPolicy.html @@ -4,6 +4,42 @@
Creation date: 20090216
-Status: DRAFT 20090327
+Status: DRAFT 20090327
+
+Changes: WIP 20090915
+work-in-progress additions are in BLUE
+ (unvoted / nonbinding)
+work-in-progress deletions are struck-out in black
+but still DRAFT/binding
+some random comments in GREEN added
+Systems administration is to provide a limited environment +to Applications Engineers in order to install and maintain +the application. +
+ +
+
Software assessment takes place on various test systems
(not a critical system). See §7.
Once offered by Software Assessment (team),
system administration team leader has to
approve the installation of each release or patch.
+
+
Any changes made to source code must be referred
back to software assessment team
and installation needs to be deferred
until approved by the Software Assessment Team.
+
+
Requests to systems administration for ad hoc queries
over the database for business or similar purposes
must be approved by the Arbitrator.
+
-Only System Administrators designated on the Access Lists +Only System Administrators +and Application Engineers +designated on the Access Lists in §3.4.2 are authorized to access accounts, unless specifically directed by the Arbitrator.
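Review bot: the widened access sentence at the end of this hunk ("+Only System Administrators +and Application Engineers +designated on the Access Lists in §3.4.2 are authorized to access accounts") is in tension with the dual-control clause that the last hunk of this patch keeps unchanged ("Software Assessors are not to have access to the critical systems, providing a dual control at the teams level"), because the §895 hunk defines Application Engineers as "roles within Software Assessment team". Either carve the Application Engineer role out of that clause explicitly, or state here what the "limited environment" provided by systems administration restricts (which accounts, which hosts) so the separation of duties still holds on paper. Minor: "Applications Engineers" and "Application Engineers" should be one spelling, and the BLUE/GREEN/struck-out legend does not survive in a text diff, so a textual marker for WIP additions would help reviewers reading the plain source.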
@@ -825,7 +899,7 @@ infrastructure is not available.Software assessment team is responsible -for the security of the code. +for the security and maintenance of the code.
-The primary tasks are: +The primary tasks for Software Assessors are:
+The primary tasks for Application Engineers are: +
++The development code and testing patches are maintained +in a central development repository that is run by the +software assessment team. +
+ ++The production code is maintained in a secure production repository +within the critical systems that is run by the +systems administation team. +Access is made available to the Application Engineers. +
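Review bot: "Access is made available to the Application Engineers" to the production repository is the one statement in this patch that crosses the team boundary into the critical systems, but it does not say what kind of access (read-only, commit, install) or where it is recorded; tie it to the Access Lists in §3.4.2 and name the access level, e.g. "commit access for designated Application Engineers, recorded in the Access Lists in §3.4.2". Also "+The primary tasks for Application Engineers are: +" introduces a list whose items do not appear in this hunk, so confirm the items exist, and fix the typo "administation".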
+@@ -895,10 +1010,30 @@ Bug submission access should be provided to any Member that requests it.
-+Application Engineers are roles within Software Assessment +team that are approved to install into production the +patches that are signed off. +Once signed off, the Application Engineer +commits the patch from the development repository +to the production repository, +and installs the patch from the production repository +into the running code. +The Application Engineer is responsible for basic +testing of functionality and emergency fixes, +which then must be back-installed into the repositories. +
+ ++Requests to Application Engineers for ad hoc queries over the database for business or similar purposes must be approved by the Arbitrator. +
-Once signed off, software assessment (team leader)
+
+Once signed off,
+software assessment (team leader)
coordinates with systems administration (team leader)
to offer the upgrade.
Upgrade format is to be negotiated,
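Review bot: the emergency-fix clause ("The Application Engineer is responsible for basic +testing of functionality and emergency fixes, +which then must be back-installed into the repositories") lets code that has not been signed off run in production with no stated approval, record or time bound, while the preceding sentences require sign-off before the normal commit-and-install path. Add who approves or is notified of an emergency fix, that it is logged, and a deadline for back-installing it into both the development and the production repository (the text says "the repositories" without saying which). Also state how the Application Engineer verifies that a patch "signed off" before committing it, since the role both commits and installs.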
@@ -906,21 +1041,26 @@ but systems administration naturally has the last word.
Software Assessors are not to have access
to the critical systems, providing a dual control
at the teams level.
+
+
If compilation and/or other processing of the
application source code in the version control system
is necessary to deploy the application,
detailed installation instructions should also be
maintained in the version control system and offered to the
System Administrators.
+
+
Systems administrators copy the patches securely
from the software assessment repository
onto the critical machine.
+
See §3.3.
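Review bot: this hunk only adds blank lines, but the text it leaves unchanged ("Software Assessors are not to have access to the critical systems" and "Systems administrators copy the patches securely from the software assessment repository onto the critical machine") now describes a second, different deployment path from the one added in the §895 hunk, where the Application Engineer commits from the development repository to the production repository and installs into the running code. Reconcile the two: either strike the systems-administrator copy step, or state which path applies when, so the policy does not prescribe two conflicting procedures for the same patch.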