[SecurityworkGroup] Security response team - bug database needed

Joseph Reynolds jrey at linux.ibm.com
Thu Jun 10 10:15:25 AEST 2021

This is a followup to a discussion in the security working group meeting 
held 2021-06-09 agenda item 11.

The security response team has difficulty tracking reported security 
vulnerabilities to closure and writing CVEs in a timely manner.  Having 
a confidential bug tracker would help.
Per Dick, the UEFI team uses bugzilla and has a restructured corner for 
the security response team: anyone can write a bug, but only security 
response team members can see it.
What are the best practices? How do we get a bug tracker which only 
OpenBMC security response team members can read?


More information about the openbmc mailing list