DTA need Industry/Community Engagement Model #10
Description
Proposal
We need to help DTA (and other depts?) establish an open and transparent engagement model to allow & act on feedback from external organisations and individuals to product better and more secure solutions
Thoughts
From an external perspective & someone that's just started looking into this area it seems very hard to engage with the DTA as evidenced by recent projects such as Covid Safe app & concerns around vaccine certificate.
Serious security concerns also seem to have been ignored even with Media attention.
There's been several impressive third party projects fulfilling needs such as easily searchable Covid exposure sites however these should ultimately be provided by our much better resourced government who will also ensure solutions meet requirements such as accessibility etc and are thoroughly tested.
I'm probably being naïve here but DTA exists ultimately for everyone in Australia (and is funded by us all) so it seems to me there should be an open forum to raise feedback and concerns about solutions we are all going to use.
I cannot see anything on their site around this (beyond contact email addresses) or any plans in their current published roadmap (https://www.dta.gov.au/dts-roadmap).
Suggestions
- DTA run a monthly online session open to all where issues and feedback can be raised (no idea how this would be prioritised and could be huge list)
- DTA use RFC model (where appropriate)
- DTA commit to using existing or open source tech e.g. EU Vaccine cert model. If they feel other solutions are more appropriate then reasons why are published for all
- Where appropriate code to be open sourced for review and contribution
- Use of github issues/discussion?
- Does a vulnerability disclosure program/policy exist that also commits to resolving critical security flaws?