Hi,

We now have a JIRA private security scheme that can be requested for assignment to projects.

This will allow OPNFV projects to tag security issues raised in JIRA as private. I really would advise projects to make use of this JIRA feature. Being able to work on security fixes under a private embargo reduces the pressure of a security risk being found in your project, and in turn allows downstream stakeholders time to prepare patches / patch deployment plans. By being vulnerability managed, you will have the help of the security group to allow a co-ordinated response using a 'responsible disclosure' approach.

More details on how to sign up are on the security group wiki page:
https://wiki.opnfv.org/display/security/Security+Vulnerability+Classification+in+OPNFV+JIRA

Big thanks to Mark Beierl for setting this up, and for the support from Yujun Zhang on making QTIP a pilot project.

Regards,
Luke - Security Group PTL.
_______________________________________________
opnfv-tech-discuss mailing list
https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
