By Michael Babker on 2016-11-17 21:12 in Security Strike Team

In accordance with the Transition Team's directive, the JSST voted to confirm its team lead in accordance with the new project structure voted in May 2015.  Of 18 active team members, 15 entered votes and Michael Babker was unanimously selected as the team lead.  Voting was conducted from November 5 to November 8.  Additional roles will be voted on and filled to satisfy all structure requirements at a later date.

During the last month, the JSST has been reviewing its internal workflows and aiming to improve our workflows and expectations.  During this period, we have restored https://developer.joomla.org/security.html (a page which was unfortunately lost during a previous site upgrade) and have ensured that https://www.joomla.org/security and http://security.joomla.org both direct to this page.  The page provides public guidance on the scope of the JSST's work, the expectations a reporter can have from the team, and information on how to report an issue (including a public list of GPG keys to enable encrypted communications).  We have also updated https://developer.joomla.org/security-centre.html and https://developer.joomla.org/security/contact-the-team.html to better cross reference this information and make it easier for users to find it and sign up for notifications from our security announcement feed.

We have also streamlined our communication process by transitioning our security@joomla.org email account to the Help Scout helpdesk system.  This has enabled our team to better receive messages and respond to them.