Wikimedia Security Team/AppSec Quarterly Roadmap Estimates/Q3 2022
Minutes for the Security Team's Q3 2022 (January to March 2022) Quarterly Work Estimates
Attending: MMartorana, MStyles, SBassett
This is a quarterly estimate of work allocations for members of the Application Security Team. These incorporate all types of work, from recurring operational activities to OKRs, 20% time and work done in our "spare time". These estimates should serve as a high-level overview of "what is the AppSec Team working on this quarter?", which can otherwise be a bit difficult to parse with many separate sources of record: Phabricator, Gerrit, Betterworks, Know Your Team, random Google docs, random conversations with managers, etc.
MMartorana
Work | Time Spent, Est |
---|---|
Clinic/Security Bugs | 5% |
Security Release | 5% |
AppSec Pipeline | 50% |
AppSec Security Reviews | 20% |
20% Time - OSWE course study, PentesterlabPRO | 20% |
MStyles
Work | Time Spent, Est |
---|---|
Clinic/Security Bugs | 5% |
Security Releases | 5% |
Pentesting Management | 25% |
Security Awareness | 25% |
AppSec Security Reviews | 20% |
20% Time - Security API | 20% |
Reedy
Work | Time Spent, Est |
---|---|
Clinic Work/Security Bugs | 5% |
Security Release Work | 50% |
Code Quality Work | 25% |
20% Time - ? | 20% |
SBassett
Work | Time Spent, Est |
---|---|
Clinic/Security Bugs | 10% |
Security Release | 10% |
AppSec Pipeline | 40% |
AppSec Security Reviews | 20% |
20% Time - How To Perform Review doc | 20% |