[Foundation-discuss] Appointment of Security Officer(s)

Dave Botsch botsch@cnf.cornell.edu
Fri, 8 Apr 2016 13:08:53 -0400 

The Board recently passed the below resolution.



Board Resolution of OpenAFS Foundation, Inc Appointing Security Lead and Assistant Security Leads

Appointment of Officers

Duly passed on: March 18, 2016

RESOLVED, that the following persons are elected to the office(s) indicated, until their successor(s) shall be duly elected, unless he or she resigns, is removed from office, or is otherwise disqualified from serving as an officer of this corporation, to take their respective office(s) immediately upon such appointment:

Office: Security Lead, interim, Ben Kaduk

Office: Assistant Security Lead, Jeff Hutzelman
Office: Assistant Security Lead, interim, Mark Vitale
Office: Assistant Security Lead, Stephan Wiesand

RESOLVED FURTHER, that such officers of this corporation are, and each acting
alone is, hereby authorized to do and perform any and all such acts, as such
officers shall deem necessary or advisable, to carry out the purposes and
intents of such offices, per the attached job description.

RESOLVED FURTHER, that any actions taken by such officers prior to the day of the foregoing resolutions adopted hereby that are within the authority conferred thereby are hereby ratified, confirmed, and approved as the acts and deeds of this corporation.

It is hereby certified by the undersigned that the foregoing resolution was duly passed by the Board of Directors of the OpenAFS Foundation, Inc. on the DAY of MONTH, YEAR, in accordance with the By-Laws and the Articles of Incorporation of the OpenAFS Foundation, Inc. and the laws and by-laws governing the OpenAFS Foundation, Inc. and that the said resolution has been duly recorded and is in full force and effect.

Attachment:

        The Security Lead will oversee the Assistant Security
        Leads and may delegate responsibilities and tasks as he/she
        sees fit. The Security Lead, along with the Assistants, is
        responsible for reviewing OpenAFS code and standards for
        potential and reported security vulernabilites.  The Security
        Lead will be the first point of contact for reported security
        vulnerabilities.

        In the case of a known security vulernability, the Security
        Lead may push and merge code in Gerrit without further review
        by the OpenAFS Gatekeepers and developers. The Security Lead
        will maintain an email alias and a signing key for the private
        reporting of security vulernabilities. The Security Lead will
        also maintain a queue in RT into which security issues may be
        tracked. The Assistant Security Leads shall have access to
        this security queue in RT.

        Under the direction of the Security Lead, the Assistants
        shall monitor and respond to issues in the RT queue. Again,
        under the direction of the Security Lead, the Assistants will
        triage privately reported security issues and assist with any
        code and/or protocol fixes.

	The Security Lead and assistants will be appointed by the OpenAFS
	Foundation Board per the by laws of the Foundation. The Security Lead
	may recruit additional informal volunteers for the purposes of
	assisting with OpenAFS security-related matters.


E. Margarete Ziemer
David Botsch
David Boldt
Todd DeSantis


-- 
********************************
David William Botsch
Programmer/Analyst
@CNFComputing
botsch@cnf.cornell.edu
********************************