Many of the attributes of this team are derived from the Google SRE book, such as: max 50% of the teams time should be on interrupt driven issues, this is to allow for at least 50% of time to be committed to improving the root causes of those interrupts. If the 50% on interrupts is exceeded the members of the other AM development teams will join the DRIVE team until the balance is regained.
Security Issues that Impact AM Configuration
Certain Security Issues fixes will have an impact on the considerations that a customer must make at deployment in order to ensure that the deployment is adequately secured. The most obvious example of this is fixes that add new security-related configuration fields (this is particularly important where the default configuration is that the security-related configuration is disabled); if you're unsure if this is the case for a specific ticket then please reach out to the security team for guidance.
This guidance is collated in the 'Security Guide' (AM 7) or the 'Deployment Planning Guide' - "Planning Security Hardening" / 'Installation Guide' - "Securing Installations" (AM 6.5.0 and lower) docs within the product documentation.
In order to ensure that this documentation change is captured the following process should be followed (DRAFT - to be finalised):
- Raise an OPENAM Documentation task
- Component/s: documenttion
- Priority: Major
- Security Level: security_issue
- Provide a suitable description
- Describe the security implication and the hardening requirement
- Provide the steps required to enable/configure the security setting
- Link documentation ticket as 'is required by' original security issue ticket