========
Security
========

This section describes security practices and procedures for the Dataverse team.

.. contents:: |toctitle|
	:local:

Intake of Security Issues
-------------------------

As described under :ref:`reporting-security-issues`, we encourage the community to email security@dataverse.org if they have any security concerns. These emails go into our private ticket tracker (RT_).

.. _RT: https://help.hmdc.harvard.edu

We use a private GitHub issue tracker at https://github.com/IQSS/dataverse-security/issues for security issues.

Sending Security Notices
------------------------

When drafting the security notice, it might be helpful to look at `previous examples`_.

.. _previous examples: https://drive.google.com/drive/folders/0B_qMYwdHFZghaDZIU2hWQnBDZVE?resourcekey=0-SYjuhCohAIM7_pmysVc3Xg&usp=sharing

Gather email addresses from the following sources (these are also described under :ref:`ongoing-security` in the Installation Guide):

- "contact_email" in the `public installation spreadsheet`_
- "Other Security Contacts" in the `private installation spreadsheet`_

Once you have the emails, include them as bcc.

.. _public installation spreadsheet: https://docs.google.com/spreadsheets/d/1bfsw7gnHlHerLXuk7YprUT68liHfcaMxs1rFciA-mEo/edit#gid=0
.. _private installation spreadsheet: https://docs.google.com/spreadsheets/d/1EWDwsj6eptQ7nEr-loLvdU7I6Tm2ljAplfNSVWR42i0/edit?usp=sharing