Issue Handling Templates

When issue is reported

Acknowlege the reporter - template ReporterAfterReport

Dear <Name>,

Thank you for reporting the potential vulnerability <ticket No> concerning <title of issue> 
to the EGI Software Vulnerability Group. 

We confirm that a member of our Risk Assessment Team (RAT) has seen this report and we take 
note of this information. We will follow the approved EGI Software Vulnerability issue 
handling process which can be downloaded from:

https://documents.egi.eu/public/ShowDocument?docid=47

The process can be summarised as follows:-

Anyone may report a vulnerability, by e-mail to report-vulnerability@egi.eu

Please use this method in future if you did not do so in this case.  


The RAT, along with the developers of the software involved, investigate the issue. 
You are invited to participate in this investigation.

If the issue is not found to be valid, we will tell you why. 

If the issue is valid, the RAT carries out a Risk Assessment which involves placing the issue 
in one of four Risk Categories - Critical, High, Moderate or Low.

A target date for resolution is then set according to the Risk category.

We aim to do this within 4 working days.

The information is then passed to the developers and software distributers who should ensure 
the problem is eliminated in time for the target date. 

An advisory should be issued on or before the Target date, and you should receive a copy.

Please let us know if you wish your name to appear on the advisory to be credited as 
the reporter of the problem should an advisory be issued.

<any questions etc concerning this issue>

Regards,

The EGI Software Vulnerability Group

RAT Issue Handling Instructions

| Issue Handling Summary | Reporters | SVG View | Software Providers | EGI MW Unit | Deployment | Notes on Risk |