Wikimedia Security Team/AppSec Quarterly Roadmap Estimates/Q3 2022

Minutes for the Security Team's Q3 2022 (January to March 2022) Quarterly Work Estimates

Attending: MMartorana, MStyles, SBassett

This is a quarterly estimate of work allocations for members of the Application Security Team. These estimates incorporate all types of work, from recurring operational activities to OKRs, 20% time and work done in our "spare time". They should serve as a high-level overview of "what is the AppSec Team working on this quarter?", which can otherwise be a bit difficult to parse with many separate sources of record: Phabricator, Gerrit, Betterworks, Know Your Team, random Google docs, random conversations with managers, etc.

MMartorana

| Work | Time Spent, Est |
|---|---|
| Clinic/Security Bugs | 5% |
| Security Release | 5% |
| AppSec Pipeline | 50% |
| AppSec Security Reviews | 20% |
| 20% Time - OSWE course study, PentesterlabPRO | 20% |

MStyles

| Work | Time Spent, Est |
|---|---|
| Clinic/Security Bugs | 5% |
| Security Releases | 5% |
| Pentesting Management | 25% |
| Security Awareness | 25% |
| AppSec Security Reviews | 20% |
| 20% Time - Security API | 20% |

Reedy

| Work | Time Spent, Est |
|---|---|
| Clinic Work/Security Bugs | 5% |
| Security Release Work | 50% |
| Code Quality Work | 25% |
| 20% Time - ? | 20% |

SBassett

| Work | Time Spent, Est |
|---|---|
| Clinic/Security Bugs | 10% |
| Security Release | 10% |
| AppSec Pipeline | 40% |
| AppSec Security Reviews | 20% |
| 20% Time - How To Perform Review doc | 20% |