Versions Compared

Old Version 27

changes.mady.by.user Krzysztof Opasiak

Saved on

compared with

New Version 28

changes.mady.by.user Kenny Paul

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added infrastructure info box.


Info

The processes defined are to report issues against the ONAP platform itself, not the supporting infrastructure that is used by this opensource community.

  • If you would like to report a vulnerability against infrastructure (such as DNS, web or email services), please go to http://support.linuxfoundation.org/ → Project Services → Infrastructure Operations and file a bug.
  • The ONAP Project does not pay bug bounties.

Glossary

Term  

Definition  

Embargo

A time period where key ONAP stakeholders have access to details concerning the security vulnerability, with an understanding not to publish these details or the fixes they have prepared. The embargo ends with a coordinated release date (CRD). (adapted from source)

Subject Matter Expert (SME)

A developer or other specialist who can provide contextual information that helps to determine the validity and impact of a potential  security vulnerability.

Security SME

A security SME is a specialist who is familiar with the ONAP security vulnerability procedures and security in general.

Peer reviewed

In the context of a patch, the term peer reviewed refers to the patch having been reviewed by the ONAP vulnerability sub-committee and any other relevant key stakeholders. There is not yet a strict definition of the number   of people who need to have reviewed the patch, or how they provide sign off.

...