Flaw Disclosure

Anytime an individual discovers a security flaw, there are certain steps that should be taken to ensure that the details of the flaw are disclosed in a responsible and acceptable manner. Reporting a flaw in open source software poses a number of unique challenges compared to the closed source counterparts.

This document should not be seen as a set of rules, but rather a set of best practices designed to help inform and guide the projects, researchers, and developers.

How a flaw should be dealt with can be broken into two distinct groups:

(FIXME The Content in whattodo should be merged into these pages)

Matthieu Herrb's presentation on the topic based on his experience with XFree86 and X.Org (in French). Matthieu offered - “If someone would like to translate it, I can provide the LaTeX/beamer source file for it.”

Alex Gaynor's "Security process for Open Source Projects"

disclosure.txt · Last modified: 2013/10/23 16:28 by solar
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux Bookmark and Share