Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @

Difference between revisions of "SVG:SVG"

From EGIWiki
Jump to navigation Jump to search
(Deprecate and redirect page)
Tag: Replaced
(48 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== The EGI Software Vulnerability Group (SVG) ==
The purpose of the EGI Software Vulnerability Group is to eliminate existing vulnerabilities from the deployed infrastructure, primarily from the grid middleware, prevent the introduction of new ones and prevent security incidents
The EGI SVG runs a process for handling software vulnerabilities reported. While our work is primarily designed to handle vulnerabilities in Grid Middleware, other vulnerabilities found in software used in the EGI infrastructure may also be reported to us and we pass the information on to the software suppliers, as well as considering the risk to the EGI infrastructure.
* [ Terms of Reference]
A poster is available summarising the work of SVG  [[File:PosterSVG-2011.pdf | Poster ]]
== What if you find a software vulnerability? ==
'''DO NOT''' discuss on a mailing list - especially one with an open subscription policy or public archive
'''DO NOT''' post information on a web page
'''DO NOT''' publicise in any way - e.g. to the media
'''IMMEDIATELY Report it to report-vulnerability (at)'''
See [[SVG:Reporters_View | Reporters View ]]
== Main Tasks of the EGI Software Vulnerability Group ==
*Provide an efficient process to report, handle, and resolve software vulnerabilities found in middleware.
This is expected to be the largest activity of the EGI SVG.
*Provide consultation on software vulnerabilities to the CSIRT team and other EGI groups.
*Collaborate with other partners to assess software provided in the EGI Unified Middleware Distribution and to look for vulnerabilities.
*Encourage developers to write secure code, thus reducing the likelihood of future problems, by education and awareness.
== Incidents ==
If a vulnerability has been exploited, it is an incident, and is NOT handled by the EGI Software Vulnerability Group.  You should then follow the
* [ EGI CSIRT incident Handling procedure] 
Also see the [[EGI_CSIRT:Incident_reporting | EGI CSIRT Incident Reporting Wiki ]]
== The Software Vulnerability Issue Handling process ==
The EGI Software Vulnerability [[SVG:Issue Handling Summary |  issue handling  summary]] contains a brief summary of the issue handling process, and links to further information.
The Issue handling process document which as been approved by the project executive board as part of the EGI milestone MS405.
*[ EGI Software Vulnerability Issue Handling Process ]
This has been updated and updates approved in October 2011
== Other activities ==
[[SVG:Vulnerability Assessment | Vulnerability Assessment]] is the proactive examination of software in order to find vulnerabilities that may exist.
The SVG also encourages developers to write Secure Code [[SVG:Secure Coding | Secure Coding ]]

Latest revision as of 12:46, 15 April 2022

Alert.png This article is Deprecated and has been moved to