[SecurityworkGroup] Security response team - bug database needed
Joseph Reynolds
jrey at linux.ibm.com
Thu Jun 10 10:15:25 AEST 2021
This is a followup to a discussion in the security working group meeting
held 2021-06-09 agenda item 11.
The security response team has difficulty tracking reported security
vulnerabilities to closure and writing CVEs in a timely manner. Having
a confidential bug tracker would help.
Per Dick, the UEFI team uses bugzilla and has a restructured corner for
the security response team: anyone can write a bug, but only security
response team members can see it.
What are the best practices? How do we get a bug tracker which only
OpenBMC security response team members can read?
Joseph
More information about the openbmc
mailing list