I heard that Google had an unofficial 'Virtual' team called the Orange Team that consisted of staff from outside the official security team, who engaged in a range of white hat activities to both develop their own skills, and to improve security at Google. (sort of like a team of Dick Feynmans roaming Los Alamos)
Sadly I've had trouble identifying more information about defining the role and parameters of operation of an Orange Team so one could safely and effectively establish one.
Can anyone help;
- More clearly define the role of an Orange Team and its members?
- Define what is acceptable practice?
In short, ensure team members can contribute to security safely, without endangering the organisation's security?