Difference between revisions of "SVG:RAT Issue Handling Instructions"
(Created page with '{{svg-header}} This page is intended for RAT members to provide a summary of what to do when a software vulnerability has been reported. Note that this is a first…') |
|||
Line 3: | Line 3: | ||
This page is intended for [[SVG:RAT | RAT]] members to provide a summary of what to do when a software vulnerability has been reported. | This page is intended for [[SVG:RAT | RAT]] members to provide a summary of what to do when a software vulnerability has been reported. | ||
Note that this is a first draft, and will probably change/improve as we follow the process. | Note that this is a first draft, and will probably change/improve as we follow the process described in the Software Vulnerability Isssue handling [https://documents.egi.eu/public/RetrieveFile?docid=47&version=11&filename=EGI-MS405-SVG-47-V12.pdf process document] | ||
Also note that common sense may be used - as not all issues are straight forward. The most important thing to remember is not to release information publicly that may be useful to an attacker. | Also note that common sense may be used - as not all issues are straight forward. The most important thing to remember is not to release information publicly that may be useful to an attacker. | ||
== Enter into the Tracker == | |||
If it has not been reported via the Tracker | |||
== Acknowlege the Reporter == | == Acknowlege the Reporter == | ||
Let the reporter know that a real person is aware that the vulnerability has been reported. | |||
This can be done using the template ReporterAfterReport cc the Rat. | |||
{{svg-issue-views}} | {{svg-issue-views}} |
Revision as of 17:03, 15 October 2010
Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
RAT Issue Handling Instructions
This page is intended for RAT members to provide a summary of what to do when a software vulnerability has been reported.
Note that this is a first draft, and will probably change/improve as we follow the process described in the Software Vulnerability Isssue handling process document
Also note that common sense may be used - as not all issues are straight forward. The most important thing to remember is not to release information publicly that may be useful to an attacker.
Enter into the Tracker
If it has not been reported via the Tracker
Acknowlege the Reporter
Let the reporter know that a real person is aware that the vulnerability has been reported. This can be done using the template ReporterAfterReport cc the Rat.
| Issue Handling Summary |
Reporters |
SVG View |
Software Providers |
EGI MW Unit |
Deployment |
Notes on Risk |