Difference between revisions of "SVG:SVG"
Revision as of 17:14, 10 February 2016
The EGI Software Vulnerability Group (SVG)
The purpose of the EGI Software Vulnerability Group is "To minimize the risk to the EGI infrastructure arising from software vulnerabilities".
The EGI SVG runs a procedure for handling reported software vulnerabilities that are relevant to the EGI infrastructure. This covers vulnerabilities announced by major providers as well as vulnerabilities in software developed by collaborating projects and organisations and used in the EGI infrastructure.
Software for use on the EGI infrastructure
SVG cannot dictate what software is in use on the infrastructure, especially in a rapidly changing environment.
If you are involved in selecting software for use in the EGI infrastructure, or in developing software for use in the EGI infrastructure, it is important that you take some responsibility for the security of that software.
To help, we have produced a Software Security Checklist of things that you should consider.
What if you find a software vulnerability?
- DO NOT discuss it on a mailing list, especially one with an open subscription policy or a public archive.
- DO NOT post information on a web page.
- DO NOT publicise it in any way, e.g. to the media.
- IMMEDIATELY report it to report-vulnerability (at) egi.eu
See Reporters View
Main Tasks of the EGI Software Vulnerability Group
- Provide an efficient process to report, handle, and resolve software vulnerabilities in software used in the EGI infrastructure.
This is the largest activity of the EGI SVG.
- Provide consultation on software vulnerabilities to the CSIRT team and other EGI groups.
- Collaborate with other partners to assess software provided in the EGI Unified Middleware Distribution and to look for vulnerabilities.
- Encourage developers to write secure code, thus reducing the likelihood of future problems, by education and awareness.
Incidents
If a vulnerability has been exploited, it is an incident, and is NOT handled by the EGI Software Vulnerability Group. You should then follow the
Also see the EGI CSIRT Incident Reporting Wiki
The Software Vulnerability Issue Handling process
The EGI Software Vulnerability issue handling summary contains a brief summary of the issue handling process, and links to further information.
The process was updated, and the updates approved, in October 2011.
Other activities
Vulnerability Assessment is the proactive examination of software in order to find vulnerabilities that may exist.
The SVG also encourages developers to write secure code (see Secure Coding).
A poster summarising the work of SVG is available (PosterSVG-2011.pdf); it is a little old.