Announcement: Incident Response Training

TL;DR: Now that there is a first version of the code of conduct for the WordPress project, incident response training is available to anyone interested in learning more about how to take and respond to incident reports. Further, I would like to build a team who is prepared to help the WordPress community when something goes against the new code of conduct, and ask you to help me identify those individuals. 

A new code of conduct for the WordPress project has been announced! This is a great step towards helping current and future WordPress community members and contributors understand how we aspire to work together in “official” spaces. This code of conduct being new, I’m sure there are many questions around how it will be applied and carried out. 

To that end, the Community team has created training for incident response, covering topics like expectations when doing this work, how to take incident reports, and how to respond to reports. This training is now live on Learn WordPress, and available to everyone interested. 

Another important piece of this is helping people understand where they can go when they see behavior or actions that don’t match the code of conduct. I am excited to announce that a new incident response team will be created. To be clear, the responsibility of the incident response team is not to actively search for or monitor behavior. Instead, this team will be a resource to the community for when things don’t go as expected.

The work of taking and responding to incident reports requires a high degree of professionalism and emotional intelligence, and it is often invisible and difficult work. Because of this, individuals will be vetted and will need to complete training prior to joining the WordPress incident response team. Read on for all the details! 

How to join the WordPress incident response team

To best serve the community, incident response team members need to be able to remain calm when faced with difficult situations and possess exceptional listening and communication skills. When responding to incidents, they need to be able to maintain confidentiality* wherever possible, and think objectively. 

Because of this, I would like to request nominations to this team instead of asking for volunteers. Please complete the form below to submit your nomination of who you think would be a good candidate for this team.

Nominations will go through a vetting process similar to what the Community team does for organizers. For incident response team members, vetting will include:

  • Making sure they are in good standing with WordPress
  • Familiarity with WordPress and open sourceOpen Source Open Source denotes software for which the original source code is made freely available and may be redistributed and modified. Open Source **must be** delivered via a licensing model, see GPL. practices is a plus
  • Perfunctory review of social media
  • Checking for compliance with the GPLGPL GPL is an acronym for GNU Public License. It is the standard license WordPress uses for Open Source licensing The GPL is a ‘copyleft’ license This means that derivative work can only be distributed under the same license terms. This is in distinction to permissive free software licenses, of which the BSD license and the MIT License are widely used examples.
  • Reviewing any examples of excellent communication

Further, it is important that the incident response team be diverse to reflect our global community, and this will be a consideration for the final make up of the team. The vetting will be done by myself (@angelasjin), @juliarosia, @ipstenu, and @kcristiano and @chanthaboune will give final approval. 

It is my hope that incident response team members can commit to being on the team for one full year. Depending on the volume of incident reports, they can expect to contribute anywhere between 2 to 20 hours a month. In addition, to help incident response team members be as successful as possible, they are expected to complete required training prior to joining the team. 

Training for the incident response team

While anyone can complete the incident response training on Learn WordPress, potential incident response team members will complete the same training alongside peers in a cohort. The cohort will meet synchronously four times (one hour-ish each), across the span of a month, to discuss incident response team training modules and practice through role play. There will be optional, highly recommended office hours and additional opportunities to practice learned skills. 

In addition, incident response team members will be required to complete DEI training, offered by an external consultant who will be prepared to offer DEI training for WordPress’ global contexts. 

The time commitment for this training will be approximately 2-3 hours per week at minimum, across five (possibly six) weeks. 

As with any team, I hope that we will continue to bring on new team members over time! While there are no immediate plans to have this cohort again, the intent with this first cohort is to put our best forward, gather feedback from the cohort, and iterate for the next group.

Questions? Comments? Feedback?

This is a brand new thing! What questions or feedback do you have? Share them in the comments below.

*A note on confidentiality: while the WordPress project tries to work transparently and in public spaces as much as possible, for the safety of community members, incident response needs to be treated confidentially wherever possible. However, anonymized, annual reports (similar to what the Community team has done in the past) will be published.