OpenBMC security workgroup status
Andrew Jeffery
andrew at aj.id.au
Wed Jul 11 13:19:36 AEST 2018
On Tue, 10 Jul 2018, at 11:50, Joseph Reynolds wrote:
> Here is the OpenBMC security work group status.
>
> The OpenBMC security work has been partitioned into four areas:
> hardware, firmware (Linux, phosphor, etc.), OpenBMC development
> activity, and downstream development. Reviews are out for three areas;
> see https://gerrit.openbmc-project.xyz/#/c/11120/ and 11164. Work to
> sketch out firmware security topics is beginning. We are also beginning
> to look at topics such as release planning and how to handle security
> flaws. For more details, see the group’s agenda and minutes at
> https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI.
What's the short-term strategy for handling vulnerability reports received in the gap between now and getting some formal process in place?
More information about the openbmc
mailing list