ossf / wg-vulnerability-disclosures

The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
https://openssf.org
Apache License 2.0
180 stars 40 forks source link

Project idea: guide for maintainers on handling incidents #113

Open u269c opened 2 years ago

u269c commented 2 years ago

As per https://github.com/ossf/SIRT/pull/5#issuecomment-1256341717

The SIRT's goals are indeed to help with incidents and vulnerability coordinations, but the documentation and training of it should not be handled by the SIRT itself. It was suggested to have the Vuln Discslosure WG look at taking this effort instead.

SecurityCRob commented 2 years ago

It was discussed in the WG today that we may wish to search to see if any existing art or docs exist on this to kickstart our efforts. The team generally thought pursuing this has merit.

ByteHackr commented 2 years ago

We may Check Red Hat's Open Source Incident Response Plan Red Hat Incident Response Plan

SecurityCRob commented 2 years ago

We have this previous issue we may want to merge here https://github.com/ossf/wg-vulnerability-disclosures/issues/100

taladrane commented 2 years ago

I'm in favor of this as the next project for the working group before #115 and #116, but think all 3 are great ideas.

crystalhazen commented 2 years ago

Agree with @taladrane. I'm also in favor of this project being the next in line. All of the projects sound interesting!

yogeshnmittal commented 1 year ago

Me and @ByteHackr (Sandipan Roy) are interested to be a part of the sub-working group or SIG for this project