Security announcement subscriptions (was: [Security Advisory] CVE-2020-14156 ...)
Joseph Reynolds
jrey at linux.ibm.com
Wed Jun 17 05:17:51 AEST 2020
On 6/16/20 12:35 PM, Lee Fisher wrote:
> Hi,
>
> In addition to a web page showing how to submit security issues, it
> would be nice if there was a web page showing OpenBMC CVEs. And/or a
> mailing list to announce OpenBMC security advisories. Having to
> subscribe to the dev list and watch the issue tracking system for CVEs
> will only keep security awareness isolated to OpenBMC devs.
Lee, +cc: openbmc email list
I agree. The security wiki [1] has a query to show all security
advisories [2]. We had discussed creating an
openbmc-public-security-announcements email list that you could
subscribe to. I'll add an item to the security working group agenda [3]
to discuss the email again.
- Joseph
[1]: https://github.com/openbmc/openbmc/wiki/Security-working-group
[2]:
https://github.com/openbmc/openbmc/issues?utf8=%E2%9C%93&q=Security+Advisory
[3]:
https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI
>
> Thanks,
> Lee
>
> On 6/15/20 12:31 PM, Joseph Reynolds wrote:
>> |The OpenBMC Security Response team has released an OpenBMC Security
>> Advisory: https://github.com/openbmc/openbmc/issues/3670 Thanks to
>> everyone who helped work on this. An OpenBMC Security Advisory
>> explains a security vulnerability, its severity, and how to protect
>> systems that are built on OpenBMC. For more information about OpenBMC
>> Security Response, see:
>> https://github.com/openbmc/docs/blob/master/security/obmc-security-response-team.md
>> - Joseph |
>>
More information about the openbmc
mailing list