| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Change-Id: I30cb36b2d61f0e57cffeaebaca48623e9b1ba56d
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Adds two new documents:
- "How to report a security vulnerability" says how to privately
report a security vulnerability with the intention of getting
a fix before public disclosure.
- "Security response team guidelines" is for the security response
team and community members who are responding to privately
disclosed problems and working to provide a fix.
Change-Id: I83475bd4bfa014106ab5c3b50ad81e3488d06ba3
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
|
|
|
This documents the process to privately report OpenBMC
security vulnerabilities with the intention of giving
time to the project to fix the problem before public
disclosure.
This first commit establishes the project's scope.
The next commit:
- provides guidelines to the OpenBMC security response team as it
works to address the security issues and disclose publicly
- establishes the "How to report security vulnerabilities" web
page to tell problem submitters what to include in their report
and what to expect from the OpenBMC security response team
Change-Id: Ib90070f998a815ba3f4430c7eb6ff84b3934e012
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
|
