StarlingX/Security
Contents
StarlingX Security Sub-project
Team Information
- Project Lead: Ken Young <Ken.Young@windriver.com>
- Technical Lead: Ken Young <Ken.Young@windriver.com>
- Contributors: Cindy Xie <cindy.xie@intel.com>; Hai Tao Wang <hai.tao.wang@intel.com>; Martin Chen <haochuan.z.chen@intel.com>; An Ran <ran1.an@intel.com>; Hernandez Gonzalez, Fernando <fernando.hernandez.gonzalez@intel.com>
How to report security issues to Starling X
If you think you’ve identified a vulnerability, please work with us to rectify and disclose the issue responsibly. By default, Starling X considers all issues private until they have been triaged by the Starling X Vulnerability Management Team. We provide two ways to report issues to the Starling X VMT depending on how sensitive the issue is:
- Open the StarlingX bug tracking page and click the ‘Report a bug’ link at the top right of the page.
- “Launchpad Web Page” get back with “Report a bug --> Summary:” text field. Please describe the bug in a few words...
- Click “Next” button.
- “Launchpad Web Page” should come back with “Further information:” text field.
- Please take a look if similar bugs were identified by “Launchpad Web Page” to avoid duplicate bugs.
- Please go to Starlingx bug reporting guidelines and use the template suggested.
- Go to the bottom of the page and select “ √ This bug is a security vulnerability” checkbox.
- Click under “Extra Options” arrow.
- Add “stx.security” TAG.
- Please add attachments to help development team to troubleshoot the bug.
- Click “Submit Bug Report” button.
- Click “Next” button.
- Once the bug is created please go to “Other bug subscribers” at the right side frame.
- Left click on “+ Subscribe someone else” link and you should get a “Subscribe someone else” pop up search window.
- Please add the following users:
- Ken Young (kenyis) WR
- Brent Rowsell (brent-rowsell) WR
- Cindy Xie (xxie1) Intel
- Bruce Jones (brucej) Intel
- “Launchpad Web Page” get back with “Report a bug --> Summary:” text field. Please describe the bug in a few words...
- If the issue is extremely sensitive or you’re otherwise unable to use the bug tracker directly, please send an e-mail message to one or more of the Team’s members:
- Ken Young <ken.young@windriver.com>
- Bruce Jones <bruce.e.jones@intel.com>
- Cindy Xie <cindy.xie@intel.com>
- Brent Rowsell <Brent.Rowsell@windriver.com>
Team Objective / Priorities
- Responsible for all work items related StarlingX security
- Short Term Priorities (2018)
- Long Term Priorities (2019)
- TBD
Tags
All story board stories and launchpad bugs created for this team should use the tag "stx.security".
Team Work Items
- Story Board
- Launchpad Bugs
- All
- stx.2018.10
- ToDo:
- Evaluate this report and create Stories to address it (if needed).
- Address issues raised in the Intel internal SAFE review
Status
- Capture status - what's the cadence? weekly?
- 2018/08/06:
- 2018/08/13: