Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

SVG:Software Providers View

From EGIWiki
Revision as of 16:27, 28 October 2010 by Cornwall (talk | contribs)
Jump to navigation Jump to search
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Software Providers View

Baustelle.png This page is under construction.


Software providers agree to an SLA

In order that their software is included in the EGI UMD, software providers agree to a Service Level Agreement (SLA). For members of EGI, this can be read from

SLA


In summary, software providers agree:

  • Suspected vulnerabities found in their software are handled using the EGI SVG issue handling process
  • To provide contact details, and keep them up to date
  • To respond when asked by SVG as soon as possible - or at least within 2 working days

Software providers co-operate with the investigation

Software providers should help with the investigation of a potential vulnerability to find whether it is real or not, what the consequences of an exploit might be, and in what circumstances it may be exploited.

Await Risk Assessment

After investigation, the software providers will await a risk assessment.

Fix the software

If the vulnerability is real, fix the software and co-ordinate with certification people, as well as the EGI Middleware unit to ensure that the vulnerability is eliminated in the software available in the EGI UMD by the Target Date.

Review Advisory

The software providers should review the advisory, and ensure it is accurate.

| Issue Handling Summary | Reporters | SVG View | Software Providers | EGI MW Unit | Deployment | Notes on Risk |