StarlingX/Security

StarlingX Security Sub-project

Team Information

• Project Lead: Ken Young <Ken.Young@windriver.com>
• Technical Lead: Ken Young <Ken.Young@windriver.com>
• Contributors: Cindy Xie <cindy.xie@intel.com>; Hai Tao Wang <hai.tao.wang@intel.com>; Martin Chen <haochuan.z.chen@intel.com>; An Ran <ran1.an@intel.com>; Hernandez Gonzalez, Fernando <fernando.hernandez.gonzalez@intel.com>

How to report security issues to Starling X

If you think you’ve identified a vulnerability, please work with us to rectify and disclose the issue responsibly. By default, Starling X considers all issues private until they have been triaged by the Starling X Vulnerability Management Team. We provide two ways to report issues to the Starling X VMT depending on how sensitive the issue is:

1. Open the StarlingX bug tracking page and click the ‘Report a bug’ link at the top right of the page.
   1. “Launchpad Web Page” get back with “Report a bug --> Summary:” text field. Please describe the bug in a few words...
      • Click “Next” button.
        • “Launchpad Web Page” should come back with “Further information:” text field.
        • Please take a look if similar bugs were identified by “Launchpad Web Page” to avoid duplicate bugs.
      • Please go to Starlingx bug reporting guidelines and use the template suggested.
      • Go to the bottom of the page and select “ √ This bug is a security vulnerability” checkbox.
      • Click under “Extra Options” arrow.
        • Add “stx.security” TAG.
        • Please add attachments to help development team to troubleshoot the bug.
      • Click “Submit Bug Report” button.
   2. Once the bug is created please go to “Other bug subscribers” at the right side frame.
      • Left click on “+ Subscribe someone else” link and you should get a “Subscribe someone else” pop up search window.
      • Please add the following users:
        • Ken Young (kenyis) WR
        • Brent Rowsell (brent-rowsell) WR
        • Cindy Xie (xxie1) Intel
        • Bruce Jones (brucej) Intel
2. If the issue is extremely sensitive or you’re otherwise unable to use the bug tracker directly, please send an e-mail message to one or more of the Team’s members:
   • Ken Young <ken.young@windriver.com>
   • Bruce Jones <bruce.e.jones@intel.com>
   • Cindy Xie <cindy.xie@intel.com>
   • Brent Rowsell <Brent.Rowsell@windriver.com>

Team Objective / Priorities

• Responsible for all work items related StarlingX security
• Short Term Priorities (2018)
• Long Term Priorities (2019)
  • TBD

Tags

All story board stories and launchpad bugs created for this team should use the tag "stx.security".

Team Work Items

• Story Board
  • All
    • Active Stories
    • Merged Stories
  • stx.2018.10
    • stx.2018.10 Active Stories
    • stx.2018.10 Merged Stories
• Launchpad Bugs
  • All
    • Open Bugs
    • Fixed Bugs
  • stx.2018.10
    • stx.2018.10 Open Bugs

• ToDo:
  • Evaluate this report and create Stories to address it (if needed).
  • Address issues raised in the Intel internal SAFE review

Status

• Capture status - what's the cadence? weekly?
• 2018/08/06:
• 2018/08/13: