Difference between revisions of "SVG:RAT Issue Handling Templates contd"
Line 26: | Line 26: | ||
For arranging resolution - Send to S/W provider, developer(s), | For arranging resolution - Send to S/W provider, developer(s), | ||
EGI and EMI contacts as listed. | |||
For UMD issues - | |||
<pre> | |||
Send to S/W provider, | |||
developer(s), | |||
EGI and EMI contacts as listed | EGI and EMI contacts as listed | ||
Francesco Giacomini francesco.giacomini@cnaf.infn.it (EMI SA1) | |||
Michel Drescher michel.drescher@egi.eu (EGI SA2 Activity Manager) | |||
Michael Gronager gronager@ndgf.org (EGI Team Leader TSA2.5 - DMSU (Distributed Middleware Support Unit) | |||
Kostas Koumantaros kkoum@grnet.gr (EGI Team Leader TSA2.4 - EGI Repository and support tools) | |||
Mario David david@lip.pt (Task Leader TSA1.3 - StageRollout) | |||
CC RAT, Reporter. | |||
Result of Risk Assessment for EGI RT issue <n> concerning <xxx> | Result of Risk Assessment for EGI RT issue <n> concerning <xxx> | ||
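Review bot: the added contact line for Michael Gronager leaves a parenthesis unclosed; "(EGI Team Leader TSA2.5 - DMSU (Distributed Middleware Support Unit)" needs a second ")". The new list also ties the template to named individuals and their personal addresses, so it will go stale when a role changes hands. Since each entry already carries its role (EMI SA1, EGI SA2, TSA2.5, TSA2.4, TSA1.3), consider leading with the role and keeping the names in one place that is updated separately.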
Line 56: | Line 72: | ||
</pre> | </pre> | ||
For IGE issues: | |||
<pre> | |||
Send to Oscar Koeroo, Mischa Salle, Mattias Ellert, Helmut.Heller CC RAT, Reporter. | |||
Dear Oscar, Mischa, Mattias, Helmut, ..... | |||
The Software Vulnerability Concerning <xxx> has be assessed as <RISK> risk. Hence a target date for resolution has been set to <n> <weeks/months> from now, to <date>. Please co-ordinate to ensure that this issue is resolved in the middleware available for installation in the EGI infrastructure by this date. | |||
Information is available in the EGI RT at | |||
https://rt.egi.eu/rt/Ticket/Display.html?id=<ID> | |||
If you cannot view this or need further information then please ask. | |||
We will draft an advisory, and would appreciate your input to ensure it is complete and correct. | |||
Regards, | |||
The EGI Software Vulnerability Group (SVG) | |||
</pre> | |||
Inform the Reporter of the outcome - template ReporterAfterRisk | Inform the Reporter of the outcome - template ReporterAfterRisk |
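Review bot: the new IGE template has no confidentiality instruction, whereas the UMD template on this page tells recipients "Please ensure that you do not reveal information publicly which could be useful to an attacker." Add the same sentence before "Information is available in the EGI RT at" so that IGE recipients are asked to keep the details private as well. In the same block, "has be assessed" should read "has been assessed".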
Revision as of 18:19, 9 December 2010
RAT Issue Handling Templates contd
After investigation
After the investigation has concluded, and assuming the issue is valid, request a risk assessment from the RAT - template RATRequestRiskAssessment
<pre>
<include the EGI RT number and software item in title>

Dear RAT members,

Please take a look at the vulnerability concerning <xxx> and give your opinion on the risk.

It is in the EGI Request Tracker at
https://rt.egi.eu/rt/Ticket/Display.html?id=<ID for this case>

Please put your opinion in the tracker - or respond to a tracker notification.

Thank you,

<RAT member sending message>
</pre>
After Risk Assessment
For arranging resolution - Send to S/W provider, developer(s), EGI and EMI contacts as listed.
For UMD issues -
<pre>
Send to S/W provider,
developer(s),
EGI and EMI contacts as listed

Francesco Giacomini francesco.giacomini@cnaf.infn.it (EMI SA1)
Michel Drescher michel.drescher@egi.eu (EGI SA2 Activity Manager)
Michael Gronager gronager@ndgf.org (EGI Team Leader TSA2.5 - DMSU (Distributed Middleware Support Unit))
Kostas Koumantaros kkoum@grnet.gr (EGI Team Leader TSA2.4 - EGI Repository and support tools)
Mario David david@lip.pt (Task Leader TSA1.3 - StageRollout)

CC RAT, Reporter.

Result of Risk Assessment for EGI RT issue <n> concerning <xxx>
------------------------------------------------------

Dear
Francesco Giacomini (EMI SA1 leader)
Michel Drescher (EGI SA2 Activity Manager)
Michael Gronager (EGI Team Leader TSA2.5 - DMSU (Distributed Middleware Support Unit))
Kostas Koumantaros (EGI Team Leader TSA2.4 - EGI Repository and support tools)
Mario David (Task Leader TSA1.3 - StageRollout)
<.....>,

The Software Vulnerability Concerning <xxx> has been assessed as <RISK> risk. Hence a target date for resolution has been set to <n> <weeks/months> from now, to <date>. Please co-ordinate to ensure that this issue is resolved in the middleware available for installation in the EGI infrastructure by this date.

Please ensure that you do not reveal information publicly which could be useful to an attacker.

Information is available in the EGI RT at
https://rt.egi.eu/rt/Ticket/Display.html?id=<ID>

You should be able to view this information. If you cannot or need further information then please ask.

We will draft an advisory, and would appreciate your input to ensure it is complete and correct.

Regards,

The EGI Software Vulnerability Group (SVG)
</pre>
For IGE issues:
<pre>
Send to Oscar Koeroo, Mischa Salle, Mattias Ellert, Helmut.Heller CC RAT, Reporter.

Dear Oscar, Mischa, Mattias, Helmut, .....

The Software Vulnerability Concerning <xxx> has been assessed as <RISK> risk. Hence a target date for resolution has been set to <n> <weeks/months> from now, to <date>. Please co-ordinate to ensure that this issue is resolved in the middleware available for installation in the EGI infrastructure by this date.

Information is available in the EGI RT at
https://rt.egi.eu/rt/Ticket/Display.html?id=<ID>

If you cannot view this or need further information then please ask.

We will draft an advisory, and would appreciate your input to ensure it is complete and correct.

Regards,

The EGI Software Vulnerability Group (SVG)
</pre>
Inform the Reporter of the outcome - template ReporterAfterRisk
<pre>
Dear <name>,

Re- Vulnerability issue concerning xxx

The EGI Software Vulnerability Group Risk Assessment Team has considered this issue and it has been assessed as <RISK> risk. An advisory will be released no later than <put target date here>. You should receive a copy of the advisory.

Or

The EGI Software Vulnerability Group Risk Assessment Team has considered this issue and <appropriate other findings and action or not>

Regards,

The EGI Software Vulnerability Group
</pre>
Advisory Template
Use the General Advisory Template