Task and project management for Security takes place in Jira. Security uses three projects:
Product Security: contains tasks that deal with the overall features and improvements of our products and services, e.g. new features
Security Management System: contains tasks that deal with our internal security management processes, e.g. policies, recurring audit tasks
Incidents & Vulnerabilities: contains tasks that deal with incidents and vulnerabilities, e.g. HackerOne reports, GitHub issues pointing out a flaw
A task should have complete information available to answer all "W"-questions.
Tags are the most important instrument to classify tasks. A task can have multiple tags.
Security tasks that are currently being worked on must be added to the current sprint. Sprint tasks should be estimated with sprint points.
Tasks involving security are often added into other lists in other projects in Jira. Other teams requesting resources of the security team should simply create a task in Jira and assign it to one of the security members.
Tasks can be shared publicly via the sharing function, but only content that is deemed adequate for the public may be shared.