Growing the Ubuntu Security Team community

Registered by Kees Cook

As the Ubuntu SecurityTeam wiki pages grow, we need to build the community. Discuss improvements to the GettingInvolved and FAQ pages, as well as any other methods to help grow the security community around Ubuntu.

Blueprint information

Status: Not started
Approver: None
Priority: Undefined
Drafter: Marc Deslauriers
Direction: Needs approval
Assignee: None
Definition: Discussion
Series goal: None
Implementation: Informational
Milestone target: None

Whiteboard

* Current Status
 * contributions to universe updates
  * perhaps take advantage of the fact that people can hone their skills
    through security work
 * contributions to main updates
 * contributions to proactive security features
  * SecurityTeam/Roadmap

* Brainstorm on community participation
 * IRC workshops?
 * Blogs?
 * "Universe packages of the week?" -- this would help, but only if you are
   also available (we'll be in #ubuntu-security on ...)
 * leverage the community team to get the information out
 * Better tools?
 * communication about needed AppArmor profiles could be improved
 * some focused event like suspend/resume with kernel team or maybe hug days.
   this could be done with AppArmor profiles ('AppArmor Week')
 * always participate in Ubuntu Developer Week
 * participate with security documentation
 * maybe talk about what our needs are (e.g. universe, AppArmor profiles, etc.)
 * participate with Hall of Fame or 5-a-day
 * harvest
 * get 6 month/yearly report and publish it to make security team more
   visible
 * automated test cases could be created for each release (AutoHotkey for
   Windows allows replaying GUI actions for testing a PoC)
 * perhaps look into applications to replay actions
 * have a ppa to pull profiles from profile repositories and make them
   available
 * communicating the security team's needs can be handled (in part) by the
   community team
 * make testing very easy
  * make-test-tarball is a start, but we also need to create VMs easily.
    vm-tools is a start, but needs to be even easier (maybe grab an image
    from somewhere...)
 * Partici

* Philosophy
 * be interested in them personally first (eg, ask them their opinion)
 * go to IETF and talk up Ubuntu to attract security people (as opposed to
   community people)
 * possibly bring people in as consultants so they are interested in developing
   on Ubuntu
 * work closely with Debian
 * focus and ask what is keeping people from adopting Ubuntu
 * talk to server team about a survey about features. many of these will likely
   be security features
  * we should also identify several areas where we become experts and give all
    the information -- e.g. if a salesperson is in front of a potential client
    and is asked 'tell me about all your logging software' or 'tell me all the
    ways you handle user credentials and authentication'

* Review the security wiki
  - What works
  - What doesn't
  - What's missing

* New features
 * auditd
 * booth or presence at RSA conference
 * user-friendly credentials management
