Document control

Procedure status


Approval status


Approved version and date

EGI ACE version 0.10  


The purpose of the EGI Software Vulnerability group is "To minimize the risk of security incidents due to software vulnerabilities". This document describes how reported software vulnerabilities are handled.

Dissemination Level

TLP:WHITE - Public

Procedure reviews

The following table is updated after every review of this procedure.

Date | Review by | Summary of results | Follow-up actions / Comments


Import from EGI wiki


Baptiste Grenier Align content



The purpose of EGI Software Vulnerability Group (SVG) is "To minimise the risk to the EGI infrastructure arising from software vulnerabilities".

The largest part of this is the handling of vulnerabilities found in any software used on the EGI infrastructure, e.g. operating systems, software enabling the sharing of distributed resources, VO-specific software, Grid middleware, Cloud-enabling software, and authentication and authorisation software.


Please refer to the EGI Glossary for the definitions of the terms used in this procedure.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.


See EGI-doc-3867-v5: The EGI Software Vulnerability Group Issue handling procedure - EGI ACE revision

A summary of the procedure is available on the EGI SVG wiki at issue handling summary.