Wikimedia Security Team/Security Review Scrum
The Security Review Scrum happens weekly and includes all relevant security engineers and the current scrum master. Updates to the backlog and active reviews (both concept and security) will be discussed along with any other related issues.
Rules of engagement
- If a security team member must miss a meeting, they should send their updates to the current scrum master via email or on IRC as soon as possible.
Typical meeting flow:
- What reviews has each engineer worked on since we last met?
- What reviews will each engineer work on before we meet again?
- Is anything slowing an engineer down or getting in their way?
- Are any of our current reviews blocking another team's progress?
- Have estimated due dates for review deliverables been determined or updated for each review?
- Are there any issues with the current review process to discuss or table for a more focused meeting?
After the meeting
- Ticket updates are performed in real time, and current status is viewable on our Phabricator board.
- Older meeting notes are available below, but current workflows make this a duplication of effort and notes are no longer produced.
- The Director of Security will be notified of any issues.