Document control

AreaISM
Procedure status

FINALISED

Owner

Linda Cornwall for the Software Vulnerability Group (SVG)

ApproversOMB
Approval status

APPROVED

Approved version and date

EGI ACE version 0.10  

Statement

The purpose of the EGI Software Vulnerability group is "To minimize the risk of security incidents due to software vulnerabilities" This document describes how Software vulnerabilities reported are handled.

Dissemination Level

TLP:WHITE - Public

Procedure reviews

The following table is updated after every review of this procedure.

DateReview bySummary of resultsFollow-up actions / Comments

 

Baptiste Grenier 

Import from EGI wiki

 

Baptiste Grenier Align content

Table of contents

Overview

The purpose of EGI Software Vulnerability Group (SVG) is "To minimise the risk to the EGI infrastructure arising from software vulnerabilities".

The largest part of this is the handling of vulnerabilities found in any software which is used on the EGI infrastructure e.g. Operating Systems, Software enabling the sharing of distributed resources, VO specific software, Grid Middleware, Cloud enabling software, Authentication and Authorisation software. 

Definitions

Please refer to the EGI Glossary for the definitions of the terms used in this procedure.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", “MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Procedure

See EGI-doc-3867-v5: The EGI Software Vulnerability Group Issue handling procedure - EGI ACE revision

A summary of the procedure is available on the EGI SVG wiki at issue handling summary.