(reword uplift text) |
(Add assumption) |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
=== Assumption === | |||
Security bug fix process needs clearly defined escalation process to be effective | Security bug fix process needs clearly defined escalation process to be effective | ||
== Bug management/escalation process == | === Bug management/escalation process === | ||
#Two days after a sec-crit or sec-hi bug was assigned, if no update on the bug, the assignee will | #Two days after a sec-crit or sec-hi bug was assigned, if no update on the bug, the assignee will receive an overdue email. If no activity on the bug for another day, assignee’s manager will be needinfo-ed, This step will continue to escalate every 3 days until the bug is updated with next step. The escalation process stops when an assigned developer provide an update on how to land the patch with estimate. | ||
#Weekly security bug status report will be send to engineering managers, engineering directors, Head of Trust and Safety, and release | #Weekly security bug status report will be send to engineering managers, engineering directors, Head of Trust and Safety, and release managers. | ||
#Every two weeks, the stakeholders will meet to review the sec-hi and sec-crit bug status for a relevant releases. Each role is defined in [http://www.brighthubpm.com/six-sigma/29633-daci-for-decision-making/] | #Every two weeks, the stakeholders will meet to review the sec-hi and sec-crit bug status for a relevant releases. Each role is defined in [http://www.brighthubpm.com/six-sigma/29633-daci-for-decision-making/] | ||
## Roles of stakeholders: | ## Roles of stakeholders: | ||
##* Driver: Wennie Leung | ##* Driver: Wennie Leung and Dan Veditz | ||
##* Approvers for uplift and exception: Dan Veditz, Wennie Leung, Release owner of a relevant release (rotating) | ##* Approvers for uplift and exception: Dan Veditz, Wennie Leung, Release owner of a relevant release (rotating) | ||
##* Consult/Contributor: Marshall Erwin, Director of Trust and Safety; Emma Humphries, Bugmaster. | ##* Consult/Contributor: Marshall Erwin, Director of Trust and Safety; Emma Humphries, Bugmaster. | ||
##* Informed: Engineering Directors: Selena Deckelmann, Joe Hildebrand, Chris Karloff | ##* Informed: Engineering Directors: Selena Deckelmann, Joe Hildebrand, Chris Karloff, Yan Or | ||
## Meeting agenda: | ## Meeting agenda: | ||
##* Review the security bug status | ##* Review the security bug status |
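Review bot: In step 1 of the revised text, the escalation chain is underspecified. After the assignee's manager is needinfo-ed, "This step will continue to escalate every 3 days" does not say who is contacted at each further level, and the 3-day cadence is not reconciled with the earlier two-day and one-day intervals. Suggest naming the escalation target at each level and splitting the comma-joined sentence at "needinfo-ed, This step" into two. Separately, the diff begins at line 1 and the new revision opens with "=== Assumption ===" while "Bug management/escalation process" is demoted from "==" to "===", so both level-3 headings appear to have no level-2 parent; either keep "==" or add a parent heading.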