...
As ONAP is very young project with a lot of code coming in every release. That's why for now Even through we are interested in receiving bugs for all ONAP releases that are currently in use, we will develop patches forpatches ONLY FOR THE LATEST RELEASE and FOR THE MASTER BRANCH (next version under development) .
...
- Create ticket with issue description in Vulnerability Reporting Jira Project (VMS members)
- Make the ticket publicly visible (VMS members)
- Assign the bug to one of VMS members
- Perform bug triage and CVE request if necessary (VMS coordinator)
- Send email containing triage results to ONAP TSC Chair and LFN representative /TSC should decide who is this contact point/
- Rest of standard process should be followed, skipping embargoed disclosure step
...
- Make the related ticket publicly visible
- If a patch has been already proposed push it immediately to gerrit
- Skip embargoed disclosure.
- Send email confirming that issue has been leaked to ONAP TSC Chair and LFN representative /TSC should decide who is this contact point/
- Rest of standard process should be followed and finished as soon as possible.
...