Difference between revisions of "StarlingX/Security"
m (→Team Information) |
|||
Line 7: | Line 7: | ||
=== How to report security issues to Starling X === | === How to report security issues to Starling X === | ||
− | If you think you’ve identified a vulnerability, please work with us to rectify and disclose the issue responsibly. By default, Starling X considers all issues private until they have been triaged by the Starling X Vulnerability Management Team. Please send an | + | If you think you’ve identified a vulnerability, please work with us to rectify and disclose the issue responsibly. By default, Starling X considers all issues private until they have been triaged by the Starling X Vulnerability Management Team. We provide two ways to report issues to the Starling X VMT depending on how sensitive the issue is: |
− | *Ken Young <[mailto:ken.young@windriver.com ken.young@windriver.com]> | + | # Open the [https://bugs.launchpad.net/starlingx StarlingX bug tracking page] and click the [https://bugs.launchpad.net/starlingx/+filebug ‘Report a bug’] link at the top right of the page. |
− | *Bruce Jones <[mailto:bruce.e.jones@intel.com bruce.e.jones@intel.com]> | + | ## “Launchpad Web Page” get back with “Report a bug --> Summary:” text field. Please describe the bug in a few words... |
− | *Cindy Xie <[mailto:cindy.xie@intel.com cindy.xie@intel.com]> | + | ##* Click “Next” button. |
− | *Brent Rowsell <[mailto:Brent.Rowsell@windriver.com Brent.Rowsell@windriver.com]> | + | ##** “Launchpad Web Page” should come back with “Further information:” text field. |
+ | ##** Please take a look if similar bugs were identified by “Launchpad Web Page” to avoid duplicate bugs. | ||
+ | ##* Please go to [https://wiki.openstack.org/wiki/StarlingX/BugTemplate Starlingx bug reporting guidelines] and use the template suggested. | ||
+ | ##* Go to the bottom of the page and select “ √ This bug is a security vulnerability” checkbox. | ||
+ | ##* Click under “Extra Options” arrow. | ||
+ | ##** Add “stx.security” TAG. | ||
+ | ##** Please add attachments to help development team to troubleshoot the bug. | ||
+ | ##* Click “Submit Bug Report” button. | ||
+ | ## Once the bug is created please go to “Other bug subscribers” at the right side frame. | ||
+ | ##* Left click on “+ Subscribe someone else” link and you should get a “Subscribe someone else” pop up search window. | ||
+ | ##* Please add the following users: | ||
+ | ##** Ken Young (kenyis) WR | ||
+ | ##** Brent Rowsell (brent-rowsell) WR | ||
+ | ##** Cindy Xie (xxie1) Intel | ||
+ | ##** Bruce Jones (brucej) Intel | ||
+ | # If the issue is extremely sensitive or you’re otherwise unable to use the bug tracker directly, please send an e-mail message to one or more of the Team’s members: | ||
+ | #*Ken Young <[mailto:ken.young@windriver.com ken.young@windriver.com]> | ||
+ | #*Bruce Jones <[mailto:bruce.e.jones@intel.com bruce.e.jones@intel.com]> | ||
+ | #*Cindy Xie <[mailto:cindy.xie@intel.com cindy.xie@intel.com]> | ||
+ | #*Brent Rowsell <[mailto:Brent.Rowsell@windriver.com Brent.Rowsell@windriver.com]> | ||
=== Team Objective / Priorities === | === Team Objective / Priorities === |
Revision as of 21:08, 18 September 2018
Contents
StarlingX Security Sub-project
Team Information
- Project Lead: Ken Young <Ken.Young@windriver.com>
- Technical Lead: Ken Young <Ken.Young@windriver.com>
- Contributors: Cindy Xie <cindy.xie@intel.com>; Hai Tao Wang <hai.tao.wang@intel.com>; Martin Chen <haochuan.z.chen@intel.com>; An Ran <ran1.an@intel.com>; Hernandez Gonzalez, Fernando <fernando.hernandez.gonzalez@intel.com>
How to report security issues to Starling X
If you think you’ve identified a vulnerability, please work with us to rectify and disclose the issue responsibly. By default, Starling X considers all issues private until they have been triaged by the Starling X Vulnerability Management Team. We provide two ways to report issues to the Starling X VMT depending on how sensitive the issue is:
- Open the StarlingX bug tracking page and click the ‘Report a bug’ link at the top right of the page.
- “Launchpad Web Page” get back with “Report a bug --> Summary:” text field. Please describe the bug in a few words...
- Click “Next” button.
- “Launchpad Web Page” should come back with “Further information:” text field.
- Please take a look if similar bugs were identified by “Launchpad Web Page” to avoid duplicate bugs.
- Please go to Starlingx bug reporting guidelines and use the template suggested.
- Go to the bottom of the page and select “ √ This bug is a security vulnerability” checkbox.
- Click under “Extra Options” arrow.
- Add “stx.security” TAG.
- Please add attachments to help development team to troubleshoot the bug.
- Click “Submit Bug Report” button.
- Click “Next” button.
- Once the bug is created please go to “Other bug subscribers” at the right side frame.
- Left click on “+ Subscribe someone else” link and you should get a “Subscribe someone else” pop up search window.
- Please add the following users:
- Ken Young (kenyis) WR
- Brent Rowsell (brent-rowsell) WR
- Cindy Xie (xxie1) Intel
- Bruce Jones (brucej) Intel
- “Launchpad Web Page” get back with “Report a bug --> Summary:” text field. Please describe the bug in a few words...
- If the issue is extremely sensitive or you’re otherwise unable to use the bug tracker directly, please send an e-mail message to one or more of the Team’s members:
- Ken Young <ken.young@windriver.com>
- Bruce Jones <bruce.e.jones@intel.com>
- Cindy Xie <cindy.xie@intel.com>
- Brent Rowsell <Brent.Rowsell@windriver.com>
Team Objective / Priorities
- Responsible for all work items related StarlingX security
- Short Term Priorities (2018)
- Long Term Priorities (2019)
- TBD
Tags
All story board stories and launchpad bugs created for this team should use the tag "stx.security".
Team Work Items
- Story Board
- Launchpad Bugs
- All
- stx.2018.10
- ToDo:
- Evaluate this report and create Stories to address it (if needed).
- Address issues raised in the Intel internal SAFE review
Status
- Capture status - what's the cadence? weekly?
- 2018/08/06:
- 2018/08/13: