| [SVG:SVG:Main Page |EGI SVG wiki]] | [EGI SVG:SVG:Vulnerability handling|Vulnerability handling]] |
=SVG = Category:SVG
|This page is under construction.|
The EGI Software Vulnerability Group (SVG)
The purpose of the EGI Software Vulnerability Group is to eliminate existing vulnerabilities from the deployed infrastructure, primarily from the grid middleware, prevent the introduction of new ones and prevent security incidents
- Terms of Reference (draft)
Main Tasks of the EGI Software Vulnerability Group
- Provide an efficient process to report, handle, and resolve software vulnerabilities found in middleware.
This is expected to be the largest activity of the EGI SVG.
- Provide consultation on software vulnerabilities to the CSIRT team and other EGI groups.
- Collaborate with other partners to assess software provided in the EGI Unified Middleware Distribution and to look for vulnerabilities.
- Encourage developers to write secure code, thus reducing the likelihood of future problems, by education and awareness.
What to do if you find a Software Vulnerability in the EGI infrastructure
You should follow the EGI Software Vulnerability Handling Issue process  .
DO NOT discuss on a mailing list - especially one with an open subsription policy or public archive
DO NOT post information on a web page
DO NOT publicise in any way - e.g. to the media
IMMEDIATELY Report it to report-vulnerability (at) egi.eu
The Software Vulnerability Issue Handling process
The Issue handling process document which as been approved by the project executive board is available at
as part of the EGI milestone MS405.
Also see summary of the EGI Software Vulnerability issue handling process