Context and re-use of information in Advisories
Advisories are prepared as part of the effort to fulfil EGI SVG's purpose
"To minimize the risk of security incidents due to software vulnerabilities"
The risk included in advisories is that assessed by the group, according to the EGI SVG issue handling procedure [R 1] in the context of how the software is used in the EGI infrastructure. It is the opinion of the group, we do not guarantee it to be correct. The risk may also be higher or lower in other deployments depending on how the software is used.
Note that for SVG advisories follow the 'traffic light protocol', see
https://confluence.egi.eu/display/EGIG/Traffic+Light+Protocol
for distribution restrictions.
In addition:--
For [CLEAR] (or public) information
Advisories are subject to the Creative commons licence https://creativecommons.org/licenses/by/4.0/ and
the EGI https://www.egi.eu/ Software Vulnerability Group must be credited.
For [GREEN] and [AMBER] information
Others may re-use the information provided they:-
1) Respect the provided TLP classification
2) Credit the EGI https://www.egi.eu/ Software Vulnerability Group
For [RED] information - please do NOT redistribute without the permission of SVG.
Reporting software vulnerabilities relevant to EGI
If you find or become aware of a vulnerability which is relevant to EGI you may report it by e-mail to
report-vulnerability at egi.eu
the EGI Software Vulnerability Group will take a look according to the procedure defined in [R 1]
Contacting the EGI SVG
The EGI SVG may be contacted by e-mail to
svg-rat at mailman.egi.eu
This includes if you have any comments or questions on advisories or anything else.
[R 1] https://documents.egi.eu/document/3867