Skip to content
Snippets Groups Projects
Normal view Permalink
SECURITY.md 1.33 KiB
Newer Older
Marta Rybczynska's avatar
SECURITY.md: add to all layers
Marta Rybczynska committed
1 2 3 4 5 6 7 8 9 10 
<!--
SPDX-FileCopyrightText: Huawei Inc.

SPDX-License-Identifier: CC-BY-4.0
-->

# How to report a vulnerability?

If you think you have found a security issue in our distribution, please
contact us immediatelly by posting a confidential issue in our bug
Marta Rybczynska's avatar
SECURITY.md: use Eclipse security bugtracker  
Marta Rybczynska committed
11 
tracker in a [dedicated security project](https://gitlab.eclipse.org/security/oniro-core).
Marta Rybczynska's avatar
SECURITY.md: add to all layers
Marta Rybczynska committed
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 

To do so, login into our issue tracker or create a new account if you do not
have one yet. Click on `New issue`, then make sure to check the checkbox at
the bottom
`This issue is confidential and should only be visible to team members with at least Reporter access`.
Please use the `Issue` type of ticket and the associated template. Fill in the
title, answer the questions in the `Description` field. Then click
`Create issue`.

Your report should contain a description of the issue, the steps you took to
reproduce the issue (including the image name), affected versions, and,
if known, any mitigations for the issue.

We plan to add a security-related mailing list and a possibility to send
GPG-encrypted email in the near future.

We aim to acknowledge the reception within one working day, and responding
with a first assessment within three working days. We follow a 90 days
disclosure timeline.

We will be happy to acknowledge your work in the vulnerability
announcement, and will do so if you do not object.

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent