[Haskell-cafe] Call for Volunteers - Security Response Team

[Jose Calderon]

The Security Response Team (SRT) is formally calling for applications to
join the SRT. People from the Haskell community with information security
experience are encouraged to apply. This is an opportunity to have a large
impact on the practice of Haskell programming going forward.

Since its inception, the SRT has had an outsized impact on the Haskell
Ecosystem. I can say with confidence that the group conducts its business
in an extremely professional and disciplined manner. If you have an
interest in helping the team continue its mission, please apply!


## Security Response Team responsibilities

The general responsibilities of the SRT are:

- Manage the Haskell Security Advisory Database, on behalf of the Haskell
community and the Haskell Foundation.

- Triage and assess incoming security reports or proposed/candidate
security advisories.

- Assist reporters to determine CVSS scores and CWE values for confirmed
security issues.

- Communicate with package maintainers and the community to promote the
timely resolution of reported security issues.

- Ensure the security advisory data are useful for downstream security
tooling.  (Development of downstream tooling is not an SRT responsibility,
but engaging with the developers is)

- Report quarterly on the activities of the SRT and statistics/trends in
new security issues.



## How can you help?

- You can apply

- If you don't want to apply but know someone who would be great, encourage
them to apply.

- Volunteers should have experience in one or more of the following areas:

  - web application security
  - information security incident response
  - vulnerability research and analysis
  - penetration testing
  - cryptography
  - authentication and identity management
  - governance, risk management and compliance (GRC)
  - secure application development
  - algorithms, data structures, and their role in DoS attacks
  - related disciplines

## Who is involved?

The current membership of the SRT is:

- Fraser Tweedale
- Gautier Di Folco
- Mihai Maruseac
- Tristan de Cacqueray

The team is hoping to gain 2-3 new members via this call for volunteers.

## How to apply

Email `Fraser Tweedale <frase+hasksec at frase.id.au>` with subject "Haskell
SRT Application".  Include a brief overview of your background in security
and the specific topics (e.g. from the list above) with which you have
experience.


## Deadline

Please submit your applications by end of day September 30th, 2024.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell-cafe/attachments/20240904/cc069c09/attachment.html>