Change Details

As part of ramping up the #security-team we want to keep actionable inside of phabricator even for risk/governance/compliance work. In negotiating this workflow it seems the only missing component for this to be achieved is a formal "risk" field. Rather than create a new form at https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/ my proposal is to add this field to the 'advanced' form at https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/view/3/. This form is already restricted to folks who are known quantities and I don't expect this to be a problem. I don't want to add 'risk' to the simplified public reporting security form as keeping that as simple as possible is the right idea. Open to whatever works but I think adding it to the existing and adjusting if that's an issue is probably the sanest approach.

As part of ramping up the #security-team we want to keep actionables for assessment work/auditing inside of phabricator even for risk/governance/compliance. In negotiating this workflow it seems the only missing component for this to be achieved is a formal "risk" field. Rather than create a new form at https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/ my proposal is to add this field to the 'advanced' form at https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/view/3/. This form is already restricted to folks who are known quantities and I don't expect this to be a problem. I don't want to add 'risk' to the simplified public reporting security form as keeping that as simple as possible is the right idea. Open to whatever works but I think adding it to the existing and adjusting if that's an issue is probably the sanest approach.

As part of ramping up the #security-team we want to keep actionables for assessment work/auditing inside of phabricator even for risk/governance/compliance work. In negotiating this workflow it seems the only missing component for this to be achieved is a formal "risk" field. Rather than create a new form at https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/ my proposal is to add this field to the 'advanced' form at https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/view/3/. This form is already restricted to folks who are known quantities and I don't expect this to be a problem. I don't want to add 'risk' to the simplified public reporting security form as keeping that as simple as possible is the right idea. Open to whatever works but I think adding it to the existing and adjusting if that's an issue is probably the sanest approach.