FOR DISCUSSION: a proposal to add Project's Security Team
@@ -36,7 +36,7 @@ All Committers and Project Leads engaged in Project activity are required to imp
@@ -117,7 +117,7 @@ This document is entirely composed of requirements. In addition to the requireme
The EMO has the responsibility and authority to mitigate issues that arise when Committers fail to perform the required behaviors or engage in practices that risk harm to Eclipse Projects, the community, and/or Ecosystem. This includes, but is not limited to, issues that arise due to a failure to implement the {securityPolicyUrl}[Eclipse Foundation Vulnerability Reporting Policy], the {ipPolicyUrl}[Eclipse Foundation Intellectual Property Policy], the {codeOfConductUrl}[Eclipse Foundation Community Code of Conduct], or other governance policies of the Eclipse Foundation.
The EMO has the responsibility and authority to mitigate issues that arise when Committers fail to perform the required behaviors or engage in practices that risk harm to Eclipse Projects, the community, and/or Ecosystem. This includes, but is not limited to, issues that arise due to a failure to implement the {securityPolicyUrl}[Eclipse Foundation Security Policy], the {ipPolicyUrl}[Eclipse Foundation Intellectual Property Policy], the {codeOfConductUrl}[Eclipse Foundation Community Code of Conduct], or other governance policies of the Eclipse Foundation.
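Review bot: the link text changes from "Eclipse Foundation Vulnerability Reporting Policy" to "Eclipse Foundation Security Policy" while the `{securityPolicyUrl}` attribute stays the same, so confirm that the attribute resolves to the document with the new name (or is updated in the same change); otherwise the rendered link will carry the new title but point at the old policy. If the policy really has been renamed, the other occurrences of "Vulnerability Reporting Policy" in this document should be renamed in the same pull request so the two names are not used side by side.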
@@ -225,7 +225,7 @@ To hold a Project Lead role on a Project, an individual must also hold a Committ
Each Project has a development team, led by the Project Leaders. The development team is composed of Committers and Contributors. Contributors are individuals who contribute code, fixes, tests, documentation, or other work that is part of the Project. Committers have write access to the Project's resources (source code repository, bug tracking system, website, build server, downloads, etc.) and are expected to influence the Project's development.
@@ -268,6 +268,19 @@ Projects are required to make a Project plan available to their community at the
Any Committer or anyone in the Project Leadership Chain may propose a creation of a separate Project Security Team to the PMC. If the PMC approves the proposal, all Committers vote on the proposal. The creation of a separate Project Security Team requires consensus with no objections (only +1 or abstentions, no -1 votes). The same rule applies to the retirement of a separate Project Security Team.
The Project Security Team must consist of at least two persons; at least one of them must be a Committer on the Project. The Project is free to elect non-Committers to the Project Security Team, when they have related security experience. Project Security Team members are required to sign the appropriate Committer legal agreements established by the EMO.
The members of Project Security Team must keep strict confidentiality of issues before they are resolved and released publicly. For resolution of a particular issue, they might bring in additional Committers or Contributors, or additional domain experts. Those contributors must adhere to the same confidentiality guidelines.
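Review bot: the confidentiality clause in the last line does not say who decides when an issue is "resolved and released publicly", i.e. when the embargo ends and the added Committers, Contributors or domain experts are released from it; consider stating that the Project Security Team sets the disclosure date in line with the Security Policy and that anyone brought in for a particular issue is told the same confidentiality applies before they receive details. In the same line, "they might bring in" reads as speculation in a requirements document; "may bring in" is the normative wording used elsewhere in this text. On the voting rule in the first line, "consensus with no objections (only +1 or abstentions, no -1 votes)" gives any single Committer a veto but states no quorum and no voting period; say whether a vote with few participants suffices and how long the vote stays open, since the same rule also governs retirement of the Team.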