Wikimedia Security Team/Security Review Scrum
The Security Review Scrum happens weekly and includes all relevant security engineers and the current scrum master. Updates to the backlog and active reviews (both concept and security) will be discussed along with any other related issues.
Rules of engagement
- If a security team member must miss a meeting, they should reach out to the current scrum master via email or on IRC with their updates as soon as possible.
Typical meeting flow:
- What reviews has each engineer worked on since we last met?
- What reviews will each engineer work on before we meet again?
- Is anything slowing an engineer down or getting in their way?
- Are any of our current reviews blocking another team's progress?
- Have estimated due dates for review deliverables been determined or updated for each review?
- Are there any issues with the current review process to discuss or table for a more focused meeting?
After the meeting
- Within 24 hours of the weekly scrum (though preferably in real time), a copy of the meeting minutes will be created under this wiki space. Example.
- Updates will be reported to Scrum of Scrums.
- The Director of Security will be notified of any issues.