mirror of
https://github.com/monero-project/meta.git
synced 2024-12-22 11:39:22 +00:00
VRP: redefine public communications platform
As we agreed to (the VRP team).
This commit is contained in:
parent
bcea379ffa
commit
a61b8818ef
1 changed files with 2 additions and 2 deletions
|
@ -90,7 +90,7 @@ PGP fingerprint = 1218 6272 CD48 E253 9E2D D29B 66A7 6ECF 9144 09F1
|
||||||
- d. If there are any disputes regarding bug severity, the Monero Response team will ultimately define bug severity
|
- d. If there are any disputes regarding bug severity, the Monero Response team will ultimately define bug severity
|
||||||
|
|
||||||
7. Respond according to the severity of the vulnerability:
|
7. Respond according to the severity of the vulnerability:
|
||||||
- a. HIGH severities must be notified on website and reddit /r/Monero (/r/Kovri for kovri) within 3 working days of classification
|
- a. HIGH severities will be notified via at least one public communications platform (mailing list, reddit, website, or other) within 3 working days of patch release
|
||||||
- i. The notification should list appropriate steps for users to take, if any
|
- i. The notification should list appropriate steps for users to take, if any
|
||||||
- ii. The notification must not include any details that could suggest an exploitation path
|
- ii. The notification must not include any details that could suggest an exploitation path
|
||||||
- iii. The latter takes precedence over the former
|
- iii. The latter takes precedence over the former
|
||||||
|
@ -130,7 +130,7 @@ PGP fingerprint = 1218 6272 CD48 E253 9E2D D29B 66A7 6ECF 9144 09F1
|
||||||
- viii. Mitigating factors (for example, the vulnerability is only exposed in uncommon, non-default configurations)
|
- viii. Mitigating factors (for example, the vulnerability is only exposed in uncommon, non-default configurations)
|
||||||
- ix. Workarounds (configuration changes users can make to reduce their exposure to the vulnerability)
|
- ix. Workarounds (configuration changes users can make to reduce their exposure to the vulnerability)
|
||||||
- x. If applicable, credits to the original reporter
|
- x. If applicable, credits to the original reporter
|
||||||
- c. Release finalized vulnerability announcement on website and reddit /r/Monero (/r/Kovri for kovri)
|
- c. Release finalized vulnerability announcement on public communications platform (mailing list, reddit, website, or other)
|
||||||
- d. For HIGH severities, release finalized vulnerability announcement on well-known mailing lists:
|
- d. For HIGH severities, release finalized vulnerability announcement on well-known mailing lists:
|
||||||
- i. oss-security@lists.openwall.com
|
- i. oss-security@lists.openwall.com
|
||||||
- ii. bugtraq@securityfocus.com
|
- ii. bugtraq@securityfocus.com
|
||||||
|
|
Loading…
Reference in a new issue