Add guidance about OPSEC on release #15

Open
risacher opened this issue Sep 7, 2021 · 0 comments

risacher commented Sep 7, 2021

Coordinator Comment and Justification: Existing DoD culture has created a “common sense” that any public disclosure is a risk to operational security. As a result, this strategy needs to explicitly define or reference the controls that a supervisor needs to apply in order to preserve operational security.

Coordinator Recommended Change: “Supervisors should encourage Government employees to contribute to OSS projects as part of their official duties, provided that those employees use an identity that is distinct from their DoD ID. This allows employees to retain credit for their contributions in a future career outside the DoD, and it creates a degree of anonymity for the contribution that hinders a vigilant threat actor from linking the OSS vulnerability to any specific DoD system.”

Originator Response: Partially accept. See reasoning.

Originator Reasoning: Will add content on this topic to the DoD OSS FAQ.
