SVG:Issue Handling Templates
Jump to navigation
Jump to search
Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
Issue Handling Templates
When issue is reported
Acknowlege the reporter - template ReporterAfterReport
Dear <Name>, Thank you for reporting the potential vulnerability <ticket No> concerning <title of issue> to the EGI Software Vulnerability Group. We confirm that a member of our Risk Assessment Team (RAT) has seen this report and we take note of this information. We will follow the approved EGI Software Vulnerability issue handling process which can be downloaded from: https://documents.egi.eu/public/ShowDocument?docid=47 The process can be summarised as follows:- Anyone may report a vulnerability, by e-mail to report-vulnerability@egi.eu Please use this method in future if you did not do so in this case. The RAT, along with the developers of the software involved, investigate the issue. You are invited to participate in this investigation. If the issue is not found to be valid, we will tell you why. If the issue is valid, the RAT carries out a Risk Assessment which involves placing the issue in one of four Risk Categories - Critical, High, Moderate or Low. A target date for resolution is then set according to the Risk category. We aim to do this within 4 working days. The information is then passed to the developers and software distributers who should ensure the problem is eliminated in time for the target date. An advisory should be issued on or before the Target date, and you should receive a copy. Please let us know if you wish your name to appear on the advisory to be credited as the reporter of the problem should an advisory be issued. <any questions etc concerning this issue> Regards, The EGI Software Vulnerability Group
RAT Issue Handling Instructions
| Issue Handling Summary | Reporters | SVG View | Software Providers | EGI MW Unit | Deployment | Notes on Risk |