Difference between revisions of "SVG:SVG"

From EGIWiki
Jump to navigation Jump to search
Line 11: Line 11:
== What if you find a software vulnerability? ==
== What if you find a software vulnerability? ==


'''DO NOT''' discuss on a mailing list - especially one with an open subsription policy or public archive
'''DO NOT''' discuss on a mailing list - especially one with an open subscription policy or public archive


'''DO NOT''' post information on a web page
'''DO NOT''' post information on a web page

Revision as of 11:07, 1 November 2012

Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

SVG


The EGI Software Vulnerability Group (SVG)

The purpose of the EGI Software Vulnerability Group is to eliminate existing vulnerabilities from the deployed infrastructure, primarily from the grid middleware, prevent the introduction of new ones and prevent security incidents

A poster is available summarising the work of SVG File:PosterSVG-2011.pdf

What if you find a software vulnerability?

DO NOT discuss on a mailing list - especially one with an open subscription policy or public archive

DO NOT post information on a web page

DO NOT publicise in any way - e.g. to the media

IMMEDIATELY Report it to report-vulnerability (at) egi.eu

See Reporters View

Main Tasks of the EGI Software Vulnerability Group

  • Provide an efficient process to report, handle, and resolve software vulnerabilities found in middleware.

This is expected to be the largest activity of the EGI SVG.

  • Provide consultation on software vulnerabilities to the CSIRT team and other EGI groups.
  • Collaborate with other partners to assess software provided in the EGI Unified Middleware Distribution and to look for vulnerabilities.
  • Encourage developers to write secure code, thus reducing the likelihood of future problems, by education and awareness.

Incidents

If a vulnerability has been exploited, it is an incident, and is NOT handled by the EGI Software Vulnerability Group. You should then follow the

Also see the EGI CSIRT Incident Reporting Wiki

The Software Vulnerability Issue Handling process

The EGI Software Vulnerability issue handling summary contains a brief summary of the issue handling process, and links to further information.

The Issue handling process document which as been approved by the project executive board as part of the EGI milestone MS405.

This has been updated and updates approved in October 2011

Other activities

Vulnerability Assessment is the proactive examination of software in order to find vulnerabilities that may exist.

The SVG also encourages developers to write Secure Code Secure Coding