This runbook describes the process for times when the Application Security team has team members available during holidays, Friends and Family days, or other events where many team members are expected to be out of office.
Since Application Security is not on-call, we aim to provide this best-effort coverage that may or may not be available in every region.
If you need assistance:
When holidays or Friends and Family days are coming up, the AppSec team should try to find a team member who can swap their day off. Ideally a team member for each region would be available, but it is not necessarily required.
The AppSec Weekly Triage Rotation spreadsheet has
F&F Day S1 Coverage and
Holiday Coverage sheets that can be used to plan and coordinate.
The AppSec team maintain a Family & Friends Day coverage sheet and a Holiday coverage sheet.
The AppSec team will post a Slack message in
#sec-appsec with information on who is available, when they are available, and how to get in contact if AppSec assistance is urgently needed. This should be cross-posted to te
#security-department channels for extra visibility.
Each AppSec team member providing coverage will have their mobile phone number available in their Slack profile.
Should an incident occur, the "Handling S1/P1s procedure" will be followed, which includes handing over to the next AppSec engineer.