Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:RAT Issue Handling Instructions"

From EGIWiki
Jump to navigation Jump to search
Line 1: Line 1:
{{svg-header}}
{{svg-header}}


This page is intended for [[SVG:RAT | RAT]] members to provide a summary of what to do when a software vulnerability has been reported.
This page is intended for [[SVG:RAT | RAT]] members to provide a summary of what to do when a software vulnerability has been reported. It is intended as a practical summary, to help the RAT carry out the process. Note that this is a first draft, and will probably change/improve as we follow the process.  


Note that this is a first draft, and will probably change/improve as we follow the process described in the Software Vulnerability Isssue handling [https://documents.egi.eu/public/RetrieveFile?docid=47&version=11&filename=EGI-MS405-SVG-47-V12.pdf process document]
The full process is described in the Software Vulnerability Isssue handling [https://documents.egi.eu/public/RetrieveFile?docid=47&version=11&filename=EGI-MS405-SVG-47-V12.pdf process document]


Also note that common sense may be used - as not all issues are straight forward. The most important thing to remember is not to release information publicly that may be useful to an attacker.
Also note that common sense may be used - as not all issues are straight forward. The most important thing to remember is not to release information publicly that may be useful to an attacker.

Revision as of 17:24, 15 October 2010

Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

RAT Issue Handling Instructions


This page is intended for RAT members to provide a summary of what to do when a software vulnerability has been reported. It is intended as a practical summary, to help the RAT carry out the process. Note that this is a first draft, and will probably change/improve as we follow the process.

The full process is described in the Software Vulnerability Isssue handling process document

Also note that common sense may be used - as not all issues are straight forward. The most important thing to remember is not to release information publicly that may be useful to an attacker.

Enter into the Tracker

If it has not been reported via the Tracker

Acknowlege the Reporter

Let the reporter know that a real person is aware that the vulnerability has been reported. This can be done using the template ReporterAfterReport cc the Rat.



| Issue Handling Summary | Reporters | SVG View | Software Providers | EGI MW Unit | Deployment | Notes on Risk |


Retrieved from "https://wiki.egi.eu/w/index.php?title=SVG:RAT_Issue_Handling_Instructions&oldid=4150"