Difference between revisions of "SVG:Issue Handling Templates"
Jump to navigation
Jump to search
(Created page with '{{svg-header}} == When issue is reported == Acknowlege the reporter - template ReporterAfterReport <pre> Dear <Name>, Thank you for reporting the potential vulnerability <tic…') |
|||
Line 8: | Line 8: | ||
Dear <Name>, | Dear <Name>, | ||
Thank you for reporting the potential vulnerability <ticket No> concerning <title of issue> to the EGI Software Vulnerability Group. | Thank you for reporting the potential vulnerability <ticket No> concerning <title of issue> | ||
to the EGI Software Vulnerability Group. | |||
We confirm that a member of our Risk Assessment Team (RAT) has seen this report and we take note of this information. We will follow the approved EGI Software Vulnerability issue handling process which can be downloaded from: | We confirm that a member of our Risk Assessment Team (RAT) has seen this report and we take | ||
note of this information. We will follow the approved EGI Software Vulnerability issue | |||
handling process which can be downloaded from: | |||
https://documents.egi.eu/public/ShowDocument?docid=47 | https://documents.egi.eu/public/ShowDocument?docid=47 | ||
Line 21: | Line 24: | ||
The RAT, along with the developers of the software involved, investigate the issue. You are invited to participate in this investigation. | The RAT, along with the developers of the software involved, investigate the issue. | ||
You are invited to participate in this investigation. | |||
If the issue is not found to be valid, we will tell you why. | If the issue is not found to be valid, we will tell you why. | ||
If the issue is valid, the RAT carries out a Risk Assessment which involves placing the issue in one of four Risk Categories - Critical, High, Moderate or Low. | If the issue is valid, the RAT carries out a Risk Assessment which involves placing the issue | ||
in one of four Risk Categories - Critical, High, Moderate or Low. | |||
A target date for resolution is then set according to the Risk category. | A target date for resolution is then set according to the Risk category. | ||
Line 31: | Line 36: | ||
We aim to do this within 4 working days. | We aim to do this within 4 working days. | ||
The information is then passed to the developers and software distributers who should ensure the problem is eliminated in time for the target date. | The information is then passed to the developers and software distributers who should ensure | ||
the problem is eliminated in time for the target date. | |||
An advisory should be issued on or before the Target date, and you should receive a copy. | An advisory should be issued on or before the Target date, and you should receive a copy. | ||
Please let us know if you wish your name to appear on the advisory to be credited as the reporter of the problem should an advisory be issued. | Please let us know if you wish your name to appear on the advisory to be credited as | ||
the reporter of the problem should an advisory be issued. | |||
<any questions etc concerning this issue> | <any questions etc concerning this issue> |
Revision as of 12:56, 28 October 2010
Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
Issue Handling Templates
When issue is reported
Acknowlege the reporter - template ReporterAfterReport
Dear <Name>, Thank you for reporting the potential vulnerability <ticket No> concerning <title of issue> to the EGI Software Vulnerability Group. We confirm that a member of our Risk Assessment Team (RAT) has seen this report and we take note of this information. We will follow the approved EGI Software Vulnerability issue handling process which can be downloaded from: https://documents.egi.eu/public/ShowDocument?docid=47 The process can be summarised as follows:- Anyone may report a vulnerability, by e-mail to report-vulnerability@egi.eu Please use this method in future if you did not do so in this case. The RAT, along with the developers of the software involved, investigate the issue. You are invited to participate in this investigation. If the issue is not found to be valid, we will tell you why. If the issue is valid, the RAT carries out a Risk Assessment which involves placing the issue in one of four Risk Categories - Critical, High, Moderate or Low. A target date for resolution is then set according to the Risk category. We aim to do this within 4 working days. The information is then passed to the developers and software distributers who should ensure the problem is eliminated in time for the target date. An advisory should be issued on or before the Target date, and you should receive a copy. Please let us know if you wish your name to appear on the advisory to be credited as the reporter of the problem should an advisory be issued. <any questions etc concerning this issue> Regards, The EGI Software Vulnerability Group
RAT Issue Handling Instructions
| Issue Handling Summary | Reporters | SVG View | Software Providers | EGI MW Unit | Deployment | Notes on Risk |