Reporting Security Issues
Sign up for a Tianocore Bugzilla account and enter a new issue in the Tianocore Security Issue product. Issues in the Tianocore Security Issue product are visible to the reporter of the issue and the infosec group.
When a Tianocore Security Issue is entered, the infosec group evaluates it to determine whether it is a security issue. If it is not deemed to be a security issue, it is converted to a standard issue and follows the normal issue resolution process. If it is confirmed to be a security issue, the infosec group assesses its priority, severity, and impact. Discussions, resolution, and patches are completed within Bugzilla. A date for public disclosure is determined, and on that date the issue is made public and added to the list of Security Advisories.
If you are interested in being involved in the evaluation of Tianocore Security Issues, then please send an email request to join the Tianocore Bugzilla infosec group to the Tianocore Community Manager or one of the Tianocore Stewards.
NOTE: Never send any details related to a security issue in email.
List of current EDK II Security Advisory logs: V .002 Download PDF