@@ -264,11 +264,10 @@ If someone can download compiled (e.g., JAR) files and use them without any sort
____
+
If you're not sure, check with your PMC or the xref:vulnerability-team[Security Team].
+
If the reporter requests a CVE number, the Eclipse Foundation Security team will assign one if there is a reasonable probability of a real Vulnerability.
+
It's a bit of a rite of passage for an open source project to disclose their first vulnerability. If in doubt, ask the Eclipse Foundation Security Team for guidance.
It's a a rite of passage (that should be considered a good for the project and community) for an open source project to disclose their first vulnerability. If in doubt, ask the Eclipse Foundation Security Team for guidance.
Do we need a xref:vulnerability-cve[CVE] for versions of software that we released before moving our project to the Eclipse Foundation? ::
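Review bot: The replacement sentence for the "rite of passage" line has two wording slips: a doubled article in "It's a a rite of passage", and "should be considered a good for the project and community", which either has a stray "a" or is missing a noun such as "thing". Suggested wording: "It's a rite of passage (and one that should be considered good for the project and community) for an open source project to disclose its first vulnerability." That also makes the pronoun agree with the singular "project". A smaller point in the same answer: "Eclipse Foundation Security team" in the CVE sentence is capitalized differently from "Eclipse Foundation Security Team" in the sentence being changed, so it would be worth making the two consistent while this paragraph is being touched.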
@@ -109,7 +109,7 @@ Specifications :: If the project will develop xref:specifications[specifications
[NOTE]
====
In their January 2020 meeting, the Eclipse Foundation's Board of Directors passed this resolution:
+
_RESOLVED, that the Board instructs the EMO to ensure as quickly as practical that all Eclipse Foundation projects which deliver specifications do so under the auspices of the Eclipse Foundation Specification Process (EFSP)._