Changes between Version 14 and Version 15 of OpenITPReview/Criteria

Timestamp:
May 17, 2013 6:01:42 PM (6 years ago)
Author:
zzz
Comment:

vulnerabilities, patents

  • OpenITPReview/Criteria

    v14 v15  
    7070=== Vulnerability Response Process Maturity and Transparency ===
    7171|| '''Criterion''' || '''Our response''' || '''Do we fulfil this?''' ||
    72 || Does the project have documented criteria for determining what is a security issue? || '''TODO: Check this''' ||  ||
    73 || Does the project have a documented process for classifying the impact of security vulnerability reports? || '''TODO: Define or set up''' || '''No''' ||
    74 || Does the project have a documented response process for security vulnerability reports? || '''TODO: Define or set up''' || '''No''' ||
    75 || What is the project history of responding to security incidents and is it documented? || '''TODO: Check history''' ||  ||
    76 || Does the project have an internal responsible disclosure policy and is it used? || '''TODO: Discuss''' || '''No''' ||
    77 || What timeline does the project have around responding to vulnerabilities? || As soon as possible? ||  ||
     72|| Does the project have documented criteria for determining what is a security issue? || '''No''' ||  ||
     73|| Does the project have a documented process for classifying the impact of security vulnerability reports? || No '''TODO: Define or set up''' || '''No''' ||
     74|| Does the project have a documented response process for security vulnerability reports? || No '''TODO: Define or set up''' || '''No''' ||
     75|| What is the project history of responding to security incidents and is it documented? || Generally fixed in the next release. Release schedule is accelerated if necessary. Our typical release cycle is 6-10 weeks, or about 7 releases per year. History is documented at http://zzz.i2p/forums/13 ||  ||
     76|| Does the project have an internal responsible disclosure policy and is it used? || No '''TODO: Discuss''' || '''No''' ||
     77|| What timeline does the project have around responding to vulnerabilities? || Next release. Release schedule is accelerated if necessary. Our typical release cycle is 6-10 weeks, or about 7 releases per year. ||  ||
    7878
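Review bot: Row 72 now answers "No" but leaves the "Do we fulfil this?" cell empty, while rows 73, 74 and 76 pair the same "No" answer with a "No" in that column; fill it in for row 72 (and row 75, which also stays blank) so the table's third column is consistent. Rows 75 and 77 also repeat the same release-cycle sentence ("Release schedule is accelerated if necessary. Our typical release cycle is 6-10 weeks, or about 7 releases per year."); row 75 asks about history and its documentation, so keep the pointer to http://zzz.i2p/forums/13 there and leave the timeline text to row 77 only.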
    7979=== Project License and IP Disposition ===
     
    8181|| Does the project have a license on the Open Source Initiative's list of free software licenses? || Several - http://www.i2p2.i2p/licenses || Yes ||
    8282|| Is the project functionally open source such that the PRB could independently fix vulnerabilities without project team cooperation if it became necessary? This includes situations where, for example, a free software project depends on a proprietary library. ||  || Yes? ||
    83 || Is the project aware of any potential patent or copyright issues with the project that would limit distribution of any part of their project or interfere with the audit process? || No. '''TODO: Check this''' ||  ||
     83|| Is the project aware of any potential patent or copyright issues with the project that would limit distribution of any part of their project or interfere with the audit process? || No ||  ||
    8484
    8585=== Privacy and Terms of Service Disposition ===
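Review bot: Row 83 replaces "No. '''TODO: Check this'''" with a definite "No" but still leaves the "Do we fulfil this?" cell empty; since the answer is no longer marked as unverified, record whether the criterion is met, as the other rows with settled answers do. The unchanged row 82 in this block still has an empty response with a tentative "Yes?", so that row remains open after this change.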