Lines Matching full:security

1 # The OpenBMC security vulnerability reporting process
3 This describes the OpenBMC security vulnerability reporting process which is
4 intended to give the project time to address security problems before public
9 - a procedure to privately report security vulnerabilities
10 - a security response team to address reported vulnerabilities
11 - the openbmc-security email address for the response team
12 - guidelines for security response team members
16 1.  A community member reports a problem privately to the security response team
18 2.  The responders (including the security response team, the repository
20 3.  The repository maintainer creates an OpenBMC security advisory which
25 5.  The OpenBMC security advisory is published along with any accompanying CVEs.
27 Note that the OpenBMC security response team is distinct from the OpenBMC
28 security working group which remains completely open.
31 [How to privately report a security vulnerability](./how-to-report-a-security-vulnerability.md)
32 web page explains how OpenBMC community members can report a security
36 The `openbmc-security at lists.ozlabs.org` email address is the primary
38 security response team, and the initial communication between the security
42 [Guidelines for security response team members](./obmc-security-response-team-guidelines.md)