🗣️Communication Channels and Access
This stage serves to establish the cadence, mediums, and expectations around communication as well as access to your code repository so that the Spearbit team can begin the scoping process.
Discord
Discord is used as the primary source of communication during the entirety of the engagement. The channels of communication within discord can be broken into the following: Client <> Spearbit Core This is a client's direct communication line with the core team at Spearbit in order to preserve and maintain a high level of transparency and operational support throughout the entire engagement. The core team will create a channel with the client in order to discuss and coordinate any items pertaining to operational overhead of the security review or to provide support in any phase of the engagement process.
Client <> Review Team + Spearbit Core Another channel will be created for coordination with the researchers conducting the security review itself formed by Spearbit to meet the tailored needs of your unique scope. These researchers will be active in this channel and asking your developers for clarity
Researcher Team <> Spearbit Core Lastly, the Spearbit team has it's own private channel with the security researchers conducting the review in order to maintain quality control and a high-level purview in order to facilitate efficiency from the operations front of the engagement and to ensure the core needs of the client are being met beyond expectations.
Note: These communication channels are flexible and fluid enough to accomodate for clients needs should anything be requested outside of these core mediums.
Github
Github is another primary channel through which the security researchers on the review team will interact, comment, and create issues within your repository regarding the security posture of your code.
Our review teams are very active and communicative with client development teams throughout the engagement and we highly recommend that clients utilize this availability to the fullest extent when providing any necessary context during the review period. This section is covered in more detail regarding the usage of Github by the review teams in the section.