
SECURITY.md 1.6 KB
Joshua Gay committed
## TODO

* Create <opensource-security@ieee.org>
* Determine how we will obtain CVE numbers

You may choose to adapt our standard template or to construct your own
security process documentation. In all cases, your documentation
should be in line with the following process.

## Security Reporting

If you wish to report a security vulnerability -- thank you! -- we ask
that you follow the process below, which complies with the Open
Source Committee Maintainers Manual.

Please report security vulnerabilities by filling out the following template:

* PROJECT: A URL to the project's repository.
* PUBLIC: Please let us know if this vulnerability has already been made public or discussed publicly, and if so, where.
* DESCRIPTION: Please provide a precise description of the security vulnerability you have found, with as much information as you are able and willing to provide.

Please send the above information, along with any other information you
feel is pertinent, to <opensource-security@ieee.org>.

In addition, you may request that the project provide you a patched
release in advance of the release announcement, but we cannot
guarantee that such information will be provided to you in advance of
the public release and announcement. However, the Open Source
Community Manager will email you at the same time the public
announcement is made.

The IEEE SA Open Source Community Manager will let you know within two
business weeks whether your report has been accepted or rejected. We
ask that you please keep the report confidential until we have made a
public announcement.