JoeD:
That said, I'm fully supportive of post-incident communications, like detailed post-mortems or technical breakdowns, once the security team has neutralized a threat. Sharing insights at that stage could strengthen trust and awareness without compromising active defenses. How do you feel about that approach?
Thanks for your comment, Joe.
I also support the idea of post-incident analysis and communication as you describe it.
The question is whether this falls within the scope of this proposal. While developing the RIP00015, "communication" was not a primary concern for the commentators. However, I still did include, as part of the incident response procedure in the RIP00015, a requirement for the Security Committee to "Submit a detailed report to the DAO for analysis."
That said, the technical requirements for committee members remain relatively low. In my opinion, this is insufficient for conducting deep forensic analysis. For this first term, the Security Committee members' primary responsibility will remain to push the big red "STOP" button when needed.
As time passes and we hopefully attract more qualified members and candidates, we could consider raising our requirements and expectations. However, for this first term, our primary concerns remain to attract candidates and encourage their involvement and responsiveness.
What do you think of that?