enarx-archive / rfcs

Holds RFCs (“Request for Comments”), proposals to improve Enarx
Apache License 2.0

Define vulnerabilities embargo policy #18

Closed axelsimon closed 4 years ago

axelsimon commented 4 years ago

We need a policy and a process for dealing with embargoes related to vulnerabilities.

This should be done as an RFC in the enarx/rfcs repo.

MikeCamel commented 4 years ago

Note - these vulnerabilities may be in one or more of the following:

  1. Enarx code
  2. Enarx dependencies (including compilers)
  3. Enarx documentation
  4. 3rd party hardware or firmware

MikeCamel commented 4 years ago

Added label "good first issue", as there are examples out there which could be adapted for Enarx use, and the adaptation process would yield some interesting discussions with core team members.

axelsimon commented 4 years ago

As discussed during the daily meeting, this issue is in essence a suggestion for an RFC, and as such has been moved to the rfcs repo.