Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Reporters View"

From EGIWiki
Jump to navigation Jump to search
Line 7: Line 7:
== What to do if you find a Software Vulnerability in the EGI infrastructure ==
== What to do if you find a Software Vulnerability in the EGI infrastructure ==


You should follow the EGI Software Vulnerability Handling Issue process [https://documents.egi.eu/public/RetrieveFile?docid=47&version=11&filename=EGI-MS405-SVG-47-V12.pdf pdf-file]  
You should follow the approved [https://documents.egi.eu/document/717  EGI Software Vulnerability Issue Handling Process ]  [https://documents.egi.eu/public/RetrieveFile?docid=47&version=11&filename=EGI-MS405-SVG-47-V12.pdf pdf-file]  


'''DO NOT''' discuss on a mailing list - especially one with an open subsription policy or public archive
'''DO NOT''' discuss on a mailing list - especially one with an open subsription policy or public archive

Revision as of 15:21, 17 August 2012

Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Reporters View


Reporters View and Responsibilities

This describes the reporters view and responsibilities.

What to do if you find a Software Vulnerability in the EGI infrastructure

You should follow the approved EGI Software Vulnerability Issue Handling Process pdf-file

DO NOT discuss on a mailing list - especially one with an open subsription policy or public archive

DO NOT post information on a web page

DO NOT publicise in any way - e.g. to the media

IMMEDIATELY Report it to report-vulnerability (at) egi.eu

If you have accidentally released information publicly

Let us know, and try and get it removed, e.g. if you have put details on a public web page - please delete it.

Help and co-operate with the investigation

It is often extremely helpful if the person who finds a vulnerability is able to assist with the investigation. This is not mandatory.

The reporter receives information

The SVG will let you know reporter know the outcome of the investigation and risk assessment, including the risk category and Target Date for resolution. You will receive a copy of the advisory, if one is issued.


| Issue Handling Summary | Reporters | SVG View | Software Providers | EGI MW Unit | Deployment | Notes on Risk |


Retrieved from "https://wiki.egi.eu/w/index.php?title=SVG:Reporters_View&oldid=39706"