
This section contains reference templates for communications used in the Vulnerability Management Process.

Reception confirmation email

The message should be signed.

Please double-check that the content of the original bug report is not included in plain text.

Reception confirmation email
Dear {reporter},

Thank you for your report.

We confirm reception of your report. We have not yet classified your report, but we would like to assure you that we are looking into it.
We have created a private security issue in JIRA to track this issue:

	{jira_issue_url}

If you would like to participate in this ticket, please provide us with your JIRA username.
We will provide you with an update on your report's status as soon as possible.

Thanks
{onap_vulnerability_sub-committee_member}, on behalf of the ONAP vulnerability sub-committee

Triage confirmation email

The message should be signed.

Triage confirmation email
Dear {reporter},

This issue has been confirmed as a security vulnerability in {project}.
The initially assigned severity level is: {severity level}.
Please let us know if you disagree with our assessment.

We would like to get it fixed under the ONAP embargoed security vulnerability process. 
Please do not discuss or disclose details about this flaw prior to the agreed disclosure date (TBA). 
All decisions, discussions, and proposed patches and reviews are to be done via this tracking issue:

{jira_issue_url}

In general, we will request a CVE number for every confirmed security vulnerability to ensure full traceability.
Please let us know if you have already obtained a CVE number for this issue in order to avoid duplicates.

Thanks
{onap_vulnerability_sub-committee_member}, on behalf of the ONAP vulnerability sub-committee