The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports; new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Deployment View"

From EGIWiki
 
(4 intermediate revisions by the same user not shown)
Line 2: Line 2:


This provides information on the view and responsibilities of those deploying the software, useful to both NGIs and Sites.
This provides information on the view and responsibilities of those deploying the software, useful to both NGIs and Sites.
{{under construction}}


== Sites should install up to date software ==
== Sites should install up to date software ==
Line 13: Line 11:
== Advisories from SVG ==
== Advisories from SVG ==


Site security contacts will receive copies of advisories sent by the EGI SVG, as will NGI Security Contacts. In most cases, these will be to advise to update software as a vulnerability has been eliminated. Most advisories will also be placed on a public EGI web page (location TBD).
Site security contacts will receive copies of advisories sent by the EGI SVG, as will NGI Security Contacts. In most cases, these will be to advise to update software as a vulnerability has been eliminated. Most advisories will also be placed on a public EGI web page.  


In some cases, advisories will not be distributed publicly, at least initially, if early release is too helpful to an attacker.  An example of this is if there is no fix to the software, but operational action is recommended and revealing this is useful to an attacker.  
In some cases, advisories will not be distributed publicly, at least initially, if early release is too helpful to an attacker.  An example of this is if there is no fix to the software, but operational action is recommended and revealing this is useful to an attacker.  


Note that advisories from the EGEE Grid Security Vulnerability Group are placed at
[[ SVG:Advisories | Advisories ]]
[http://www.gridpp.ac.uk/gsvg/advisories http://www.gridpp.ac.uk/gsvg/advisories].


== Sites should report any vulnerabilities they find ==
== Sites should report any vulnerabilities they find ==


If sites find vulnerabilities, they should report them as in [[ SVG:Reporters View | Reporters View]]  
If sites find vulnerabilities, they should report them as in [[ SVG:Reporters View | Reporters View]]  


== Some site administrators are in the SVG ==
== Some site administrators are in the SVG ==


Some experienced site administrators, who have knowlege of software security, are also members of the EGI SVG.  
Some experienced site administrators, who have knowlege of software security, are also members of the EGI SVG. New members who wish to contribute to SVG are welcome.
 


{{svg-issue-views}}
{{svg-issue-views}}
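
Review bot: The revised "Some site administrators are in the SVG" paragraph still carries the misspelling "knowlege"; correct it to "knowledge" while that line is being changed. In the advisories paragraph, "(location TBD)" is dropped but the sentence still does not say where the public page is, and the [[ SVG:Advisories | Advisories ]] link added further down stands alone with no sentence introducing it. Consider folding the link into the "public EGI web page" sentence so site security contacts can see where advisories are published.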

Latest revision as of 10:12, 29 April 2016


Deployment View


This provides information on the view and responsibilities of those deploying the software, useful to both NGIs and Sites.

Sites should install up to date software

Sites should ensure that the software they install is up to date, including Grid Middleware distributed by the EGI UMD, and take note of appropriate advisories.

In a small number of cases, if vulnerabilities are considered 'Critical', CSIRT may wish to take action if software installed on a site is not up to date.

Advisories from SVG

Site security contacts will receive copies of advisories sent by the EGI SVG, as will NGI Security Contacts. In most cases, these will advise updating software because a vulnerability has been eliminated. Most advisories will also be placed on a public EGI web page.

In some cases, advisories will not be distributed publicly, at least initially, if early release would be too helpful to an attacker. An example is when there is no fix to the software, but operational action is recommended and revealing this would be useful to an attacker.

Advisories

Sites should report any vulnerabilities they find

If sites find vulnerabilities, they should report them as described in Reporters View.

Some site administrators are in the SVG

Some experienced site administrators, who have knowledge of software security, are also members of the EGI SVG. New members who wish to contribute to SVG are welcome.
