On Sat, May 4, 2019 at 2:51 PM Sharan Foga <sha...@apache.org> wrote:
> ...
> Not sure if this has come up already but another idea for ApacheCon talks
> that came up in a brainstorming session (thanks Myrle :-) a few weeks ago
> was around security vulnerabilities and how to handle them
>
> For example:
> - An intro to the ASF Security team, who they are, what it does and how it
> works
> - An overview of the process for managing Security vulnerabilities,
> - What are the project Do’s and Don’ts when it comes to handling security
> vulnerabilities?
> - Any real life stories from the trenches – how it was resolved
>
> This is something really important for all our projects to know and
> understand (which is why I’m mentioning it here under Community).
>
> So if you are interested in talking about this topic then please submit
> something for the CFPs for Las Vegas and Berlin.
>

Just catching up with dev@ mail and wish I had seen this sooner. I'll be out at Vegas and want to do something like this -- we could do it as a BoF session now. Things we get asked include the above and specifically "How does CVE allocation work", "How do we deal with issues that cross multiple projects", "How to deal with stuff that's private when we need to commit public before release" and so on.

Mark