public inbox for devel@edk2.groups.io
* [RFC] Propose update of security bug handling process
@ 2019-04-12  8:43 Wang, Jian J
From: Wang, Jian J @ 2019-04-12  8:43 UTC (permalink / raw)
  To: bugs@edk2.groups.io
  Cc: devel@edk2.groups.io, Laszlo Ersek, Zimmer, Vincent,
	Cetola, Stephano, Gao, Liming

Hi,

Currently, we generally follow the process below to handle security bugs,
but there is no document describing the detailed workflow. There have
also been discussions about the lack of important information, poor issue
descriptions, no timely notification of updates, etc.

       "0 - New Security Bug"
  -> "1 - Triage"
  -> "2 - Mitigation"
  -> "3 - Embargo"
  -> "4 - Disclosure"
  -> "5 - Exit";

I have a proposal at the following page that elaborates the process and tries to
address all the problems reported so far. The following content is for discussion
only. Once the process is finalized, it will be moved to the official edk2 wiki page.

https://github.com/jwang36/tianocore.github.io/wiki/Proposal-of-security-issue-process

Any opinions and suggestions are welcome.

Regards,
Wang, Jian J

