Wikimedia Security Team/AppSec Quarterly Roadmap Estimates/Q1 2023

From mediawiki.org

Minutes for the Security Team's Q1 2023 (July to September 2022) Quarterly Work Estimates

Attending: MMartorana_(WMF), MStyles_(WMF), SBassett_(WMF), CLemoisson_(WMF)

This is a quarterly estimate of work allocations for members of the Application Security Team. It incorporates all types of work, from recurring operational activities to OKRs, 20% time and work done in our "spare time". These estimates should serve as a high-level overview of "what is the AppSec Team working on this quarter?", which can otherwise be difficult to piece together from the many separate sources of record: Phabricator, Gerrit, Betterworks, Know Your Team, random Google docs, random conversations with managers, etc.

MMartorana

Work | Time Spent, Est.
Operational Work (Clinic, Sec Releases, Reviews) | 50%
Other project work | 20%
PDP/20% Time - SANS course, DevSecOps course | 30%

MStyles

Work | Time Spent, Est.
Operational Work (Clinic, Sec Releases, Reviews) | 50%
Pentesting Management | 40%
PDP/20% Time - Phabricator Security Bot | 10%

Reedy

Work | Time Spent, Est.
Operational Work (Clinic, Other Bugs) | 25%
Security Release Work | 50%
Code Quality Work | 25%

SBassett

Work | Time Spent, Est.
Operational Work (Clinic, Sec Releases, Reviews) | 50%
StopForumSpam Deploy Planning | 20%
Other project work | 10%
PDP/20% Time - How To Perform Review doc | 20%