SVG:Scope
Scope
The scope of SVG going forwards in the EOSC era has been discussed by SVG in recent weeks.
At the time of writing (October 2020) this is summarized as follows:
EGI
EGI UMD and EGI CMD
Relevant Linux OS distributions, including RedHat Enterprise Linux (RHEL), CentOS, Extra Packages for Enterprise Linux (or EPEL). Other services may find advisories related to these versions of Linux useful.
Other software we (the SVG RAT) know is used on the infrastructure and possibly affected by security concerns (e.g. Singularity).
Other relevant software used in EGI covered by the Deployment Expert Group (DEG).
Note that scope, even within EGI, depends on participation in the DEG, due to the proliferation of software and service types.
Hub Portfolio
People with expertise in the Hub Portfolio must be in the DEG in order for this to work.
EGI and the Hub Portfolio are at present the main services we consider to be covered by SVG, and we will focus on getting DEG members on this basis.
Centrally operated services
SVG is primarily designed to handle vulnerabilities relevant to the distributed computing infrastructure. But we will help where possible with the centrally operated services, including collaboration tools, as we are all dependent on them. This includes services and tools like RT, Confluence, repository.egi.eu and DOCDB.
EUDAT
We consider it would be good if EUDAT services were also included.
Services in the EOSC catalogue - full range NOT included
The full range of services in the EOSC catalogue is not included. However, there should be a place where security problems can be reported, and we will encourage good practice, possibly via the WISE community. Details will be discussed at a later date.