Discussion Draft: Foundation Incident Response Plan

[UlisesGascon]

This is a draft version of the Foundation’s Incident Response Plan.

Please feel free to comment per line or add general feedback directly in this PR.

The main goal is to kick off the discussion so we can refine and agree on the process in our next meeting on Monday and keep iterating this PR between meetings...

Nothing here is final at all... placeholders (🍿 @Discussion) are meant to capture open questions for the group.

[RafaelGSS]

I wonder if we could merge nodejs/security-wg#1511 here.

[shusak]

I believe we have to be specific on the details that are provided in order to have a "quality" report that avoids a lot of clarifications.

[UlisesGascon]

I assume that big part of it can be "shaped" in the web form (required fields, validation...)

[bensternthal]

I think this should be in order of most often occurring to least likely to occur

[UlisesGascon]

Agree with the idea, but not sure what is the best order... feel free to open a suggestion 👍

[bensternthal]

I think we should decide how communication and work here is co-ordinated. For example a common practice is that when an incident occurs, the incident commander creates a dedicated slack channel to facilitate communication.

[RafaelGSS]

I think we should have a more straightforward workflow in the event of a severe report.

For instance, if the report is from a Low ~ High vulnerability score, we follow the current runbook. However, we should have a direct line if the vulnerability is a potential Critical/Severe score.

[UlisesGascon]

For our next meeting... pending items:

• a straightforward workflow in the event of a severe report (ref) @RafaelGSS
• how communication and work here is co-ordinated (ref) @bensternthal
• Potential team members (nomination process, etc..)
• Sort categories (ref) @bensternthal
• report quality (ref) @shusak