vulnerability-management.md

File metadata and controls

40 lines (27 loc) · 1.78 KB

Vulnerability Management: Working Group Charter

Mission

Provides discreet management of security vulnerability issues relevant to active CF projects.

Goals

  • Provide a single point of contact for security vulnerability reporting and management.
  • Provide management of security vulnerability reports through to resolution, including but not limited to triage, reporter and team coordination, embargo negotiation, CVSS scoring, CVE assignments, pre-disclosure and disclosure.

Scope

  • Triage incoming security vulnerability reports to [email protected].
  • Manage vulnerabilities through dedicated Slack channels.
  • When appropriate, negotiate suitable embargo periods with the reporter to afford component teams time to fix the issue before it becomes known publicly.
  • When appropriate, assign CVE numbers to vulnerabilities/fixes.
  • Publish pre-disclosures to allow all CF distributions time to adopt fixes for high/critical vulnerabilities before they become known publicly.
  • Publish disclosures of reported security vulnerabilities.

Non-Goals

  • Add security-related features to Cloud Foundry projects.

Technical Lead(s):

Execution Lead(s):

Technical Assets

Security process and broadcast channels for security disclosures.