Purpose
The purpose of the Security Team is to identify and define which risks the company is exposed to and mitigate them to a business-acceptable level.
The team ensures that security best practices are applied and guarantees the security of Rocket.Chat’s applications, finding and responding to new vulnerabilities and incidents, ensuring the confidentiality, integrity, and availability of the services.
Top OKRs relevant to the Security function, built from stakeholder input
Company Scale - Scale and build a strong (Security) Team (while securing other teams' growth)
Revenue Stream - Grow the business, driving ARR
Customer Centric - Productize internal services or processes, applying a CC-attitude
Enterprise Product - Establish industry leadership as B2B comms platform
Community Engagement - Increase dev relationships (incl. White hats)
Main Tasks
The objective of the security team is to help everyone to keep Rocket.Chat and our customers secure. We can only achieve that when we all work together!
Communication and Information
Discussion Channels
RC security channel - day-to-day conversation, invite on request
RC important - company-wide announcements
RC-security-team - team-internal conversations, all team members are added during onboarding
Mailing lists
Security mailing list - all things related to security
Privacy mailing list - all things related to privacy@rocket.chat
Public
Security solutions - summary of security features of the product
Invitation to contribute to security - Disclosure policy
Reporting or communicating incidents and vulnerabilities
Reach out to any of the security team members listed here
Refer to the internal handbook page in this link.
Policies
Playbooks
Playbooks help us to standardize certain processes around security and enable transparency on how we work. The following are the security playbooks.
Refer to Security Playbooks