
Difference between revisions of "StarlingX/Security"

m (Team Information)
Line 7: Line 7:
  
 
=== How to report security issues to Starling X ===
 
=== How to report security issues to Starling X ===
If you think you’ve identified a vulnerability, please work with us to rectify and disclose the issue responsibly.  By default, Starling X considers all issues private until they have been triaged by the Starling X Vulnerability Management Team.  Please send an E-mail message to one or more of the Team’s members:
+
If you think you’ve identified a vulnerability, please work with us to rectify and disclose the issue responsibly.  By default, Starling X considers all issues private until they have been triaged by the Starling X Vulnerability Management Team.  We provide two ways to report issues to the Starling X VMT depending on how sensitive the issue is:
*Ken Young <[mailto:ken.young@windriver.com ken.young@windriver.com]>
+
# Open the [https://bugs.launchpad.net/starlingx StarlingX bug tracking page] and click the [https://bugs.launchpad.net/starlingx/+filebug ‘Report a bug’] link at the top right of the page.
*Bruce Jones <[mailto:bruce.e.jones@intel.com bruce.e.jones@intel.com]>
+
## “Launchpad Web Page” get back with “Report a bug --> Summary:” text field. Please describe the bug in a few words...
*Cindy Xie <[mailto:cindy.xie@intel.com cindy.xie@intel.com]>
+
##* Click “Next” button.
*Brent Rowsell <[mailto:Brent.Rowsell@windriver.com Brent.Rowsell@windriver.com]>
+
##** “Launchpad Web Page” should come back with “Further information:” text field.
 +
##** Please take a look if similar bugs were identified by “Launchpad Web Page” to avoid duplicate bugs.
 +
##* Please go to [https://wiki.openstack.org/wiki/StarlingX/BugTemplate Starlingx bug reporting guidelines] and use the template suggested.
 +
##* Go to the bottom of the page and select “ √ This bug is a security vulnerability” checkbox.
 +
##* Click under “Extra Options” arrow.
 +
##** Add “stx.security” TAG.
 +
##** Please add attachments to help development team to troubleshoot the bug.
 +
##* Click “Submit Bug Report” button.
 +
## Once the bug is created please go to “Other bug subscribers” at the right side frame.
 +
##* Left click on “+ Subscribe someone else” link and you should get a “Subscribe someone else” pop up search window.
 +
##* Please add the following users:
 +
##** Ken Young (kenyis) WR
 +
##** Brent Rowsell (brent-rowsell) WR
 +
##** Cindy Xie (xxie1) Intel
 +
##** Bruce Jones (brucej) Intel
 +
# If the issue is extremely sensitive or you’re otherwise unable to use the bug tracker directly, please send an e-mail message to one or more of the Team’s members:
 +
#*Ken Young <[mailto:ken.young@windriver.com ken.young@windriver.com]>
 +
#*Bruce Jones <[mailto:bruce.e.jones@intel.com bruce.e.jones@intel.com]>
 +
#*Cindy Xie <[mailto:cindy.xie@intel.com cindy.xie@intel.com]>
 +
#*Brent Rowsell <[mailto:Brent.Rowsell@windriver.com Brent.Rowsell@windriver.com]>
 
   
 
   
 
=== Team Objective / Priorities ===
 
=== Team Objective / Priorities ===
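Review bot: The four VMT members are written out twice in the added text, once as Launchpad subscribers (the "##**" items) and once as e-mail contacts (the "#*" items), so the two lists can drift apart when team membership changes. Consider keeping a single member list on the page and having both steps refer to it. The e-mail path for "extremely sensitive" issues also says nothing about how to protect the report in transit; if the team has a preferred secure channel, state it next to the addresses. Minor: the "WR" and "Intel" suffixes after the Launchpad IDs are unexplained, and the project name is spelled "Starling X" in the text but "StarlingX" in the page title and links.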

Revision as of 21:08, 18 September 2018

StarlingX Security Sub-project

Team Information

  • Project Lead: Ken Young <Ken.Young@windriver.com>
  • Technical Lead: Ken Young <Ken.Young@windriver.com>
  • Contributors: Cindy Xie <cindy.xie@intel.com>; Hai Tao Wang <hai.tao.wang@intel.com>; Martin Chen <haochuan.z.chen@intel.com>; An Ran <ran1.an@intel.com>; Hernandez Gonzalez, Fernando <fernando.hernandez.gonzalez@intel.com>

How to report security issues to StarlingX

If you think you’ve identified a vulnerability, please work with us to rectify and disclose the issue responsibly. By default, StarlingX considers all issues private until they have been triaged by the StarlingX Vulnerability Management Team (VMT). We provide two ways to report issues to the StarlingX VMT, depending on how sensitive the issue is:

  1. Open the StarlingX bug tracking page and click the ‘Report a bug’ link at the top right of the page.
    1. Launchpad displays the “Report a bug --> Summary:” text field. Describe the bug in a few words.
      • Click the “Next” button.
        • Launchpad should come back with the “Further information:” text field.
        • Check whether Launchpad has identified any similar bugs, to avoid filing a duplicate.
      • Go to the StarlingX bug reporting guidelines and use the suggested template.
      • Go to the bottom of the page and select the “ √ This bug is a security vulnerability” checkbox.
      • Click the “Extra Options” arrow.
        • Add the “stx.security” tag.
        • Add attachments to help the development team troubleshoot the bug.
      • Click the “Submit Bug Report” button.
    2. Once the bug is created, go to “Other bug subscribers” in the right-side frame.
      • Left-click the “+ Subscribe someone else” link; a “Subscribe someone else” pop-up search window should appear.
      • Add the following users:
        • Ken Young (kenyis) WR
        • Brent Rowsell (brent-rowsell) WR
        • Cindy Xie (xxie1) Intel
        • Bruce Jones (brucej) Intel
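  2. If the issue is extremely sensitive or you’re otherwise unable to use the bug tracker directly, please send an e-mail message to one or more of the Team’s members:
    • Ken Young <ken.young@windriver.com>
    • Bruce Jones <bruce.e.jones@intel.com>
    • Cindy Xie <cindy.xie@intel.com>
    • Brent Rowsell <Brent.Rowsell@windriver.com>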

Team Objective / Priorities

  • Responsible for all work items related to StarlingX security
  • Short Term Priorities (2018)
  • Long Term Priorities (2019)
    • TBD

Tags

All StoryBoard stories and Launchpad bugs created for this team should use the tag "stx.security".

Team Work Items

  • ToDo:
    • Evaluate this report and create Stories to address it (if needed).
    • Address issues raised in the Intel internal SAFE review

Status

  • Capture status - what's the cadence? weekly?
  • 2018/08/06:
  • 2018/08/13: