Inviting a Security Team applicant to assist with an issue

Dear [person],

Thanks so much for expressing your interest in joining the Security Team. For you to better understand the Security Team and our work we'd like you to help out by reviewing a vulnerability and fix in a module. This is a regular duty as a member of the Team.

You've been granted access an issue on the security.drupal.org issue tracker. You should have received an email with a link to the issue and you will get notifications as people work on the issue. You can also find issues you have access to by visiting https://security.drupal.org/project/issues/.

1. Do not discuss the issue with anyone except the module maintainer and members of the Security Team.
2. Confirm the vulnerability exists by installing the module on a test site and following the vulnerability description.
3. Test the patch to confirm it fixes the vulnerability.
4. Review the patch according to http://drupal.org/patch/review.
5. Comment on the issue on security.drupal.org, with your review of the patch.
6. When the patch is ready to be committed, we may also grant you access to the Advisory node so you can help confirm it conforms to our standard style/format at http://drupal.org/security/contrib.

Members of the team are expected to perform duties like this regularly. They also help people via email and help write and post Advisory nodes to drupal.org.

The document that describes this process is at http://drupal.org/node/101497 Please read (or re-read it) as it changes periodically and following it is important.

Don't hesitate to ask if you have any questions, I'm available for assistance during this time. We're continually working to improve our processes, so your interest in that, along with the ability and followthrough in carrying out these duties, is an important step in joining the team.

Regards,