js-shield

Security review


From: Libor Polčák
Subject: Security review
Date: Tue, 4 Jan 2022 15:00:02 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 SeaMonkey/2.53.9.1

Hello all,

see below the details of the security review for the project. Who wants to 
attend? I think that Giorgio and I are the most critical. Martin, Marek, and 
Matúš can join if they wish.

I think that we should try to schedule the review between 17.1. and 4.2. Do 
you have any preferred time? Do you have any time to avoid? Please let me know 
by the end of the week.

Thanks

Libor


-------- Security review --------

*Getting started*
To get started with the basic security quickscan we would like to invite you to 
our internal secure chat environment (a separate RocketChat instance). In the 
chat you can directly communicate with a ROS auditor and follow along the 
process of the quickscan. We call this concept Peek-Over-Our-Shoulder.

To onboard you to the chat, we need the full name and e-mail address of 
everyone on your team you would like to involve. Once we receive the requested 
information we will send you a link to set your password for our chat 
environment and GitLab, and the client onboarding manual.

*Basic security quickscan*
The grant allocated two (2) person days for the basic security quickscan for 
every NLnet NGI0 project. The two days will allow a ROS auditor to give you 
high-level security advice about your project. The number of days is limited so 
that we are able to support all the NLnet NGI0 projects. In case more days are 
needed, this could be discussed with NLnet. We advise you to contact us sooner 
rather than later for the basic security quickscan so we can go forward with 
scheduling the quickscan and discussing how to help you based on your project 
plan, expected milestones and outcomes.

*Stay in touch and informed*
Please keep in mind that due to the 2-day time constraint we believe it's 
especially important to have a close communication loop so the allocated 
resources can be used effectively. Therefore we encourage you to check in with 
the chat regularly once the quickscan starts so that we can deliver the best 
value for your project.



