Changes between Version 16 and Version 17 of OpenITPReview/Criteria


Timestamp: May 17, 2013 6:18:39 PM (6 years ago)
Author: zzz
Comment: vulnerability reports

  • OpenITPReview/Criteria

    v16 v17  
    7171|| '''Criterion''' || '''Our response''' || '''Do we fulfil this?''' ||
    7272|| Does the project have documented criteria for determining what is a security issue? || '''No''' ||  ||
    73 || Does the project have a documented process for classifying the impact of security vulnerability reports? || No '''TODO: Define or set up''' || '''No''' ||
    74 || Does the project have a documented response process for security vulnerability reports? || No '''TODO: Define or set up''' || '''No''' ||
     73|| Does the project have a documented process for classifying the impact of security vulnerability reports? || No '''TODO: Define or set up''' || Yes ||
     74|| Does the project have a documented response process for security vulnerability reports? || Partial. Documented at http://zzz.i2p/topics/780 || '''No''' ||
    7575|| What is the project history of responding to security incidents and is it documented? || Generally fixed in the next release. Release schedule is accelerated if necessary. Our typical release cycle is 6-10 weeks, or about 7 releases per year. History is documented at http://zzz.i2p/forums/13 ||  ||
    7676|| Does the project have an internal responsible disclosure policy and is it used? || Yes to both. Documented at http://zzz.i2p/topics/780 and we generally disclose issues in release notes, see http://www.i2p2.de/announcements - We also use the project news feed which is delivered to users in the tool, as well as other channels such as Twitter and http://forum.i2p/ || Yes ||
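
Review bot: The new row 73 contradicts itself: the "Do we fulfil this?" cell changes to "Yes" while the "Our response" cell still reads "No '''TODO: Define or set up'''". If an impact-classification process is now documented, the response cell should say where (row 74 and row 76 both cite http://zzz.i2p/topics/780 for their processes); if it is not, the fulfilment cell should stay "No". It is also worth checking whether the "Yes" was meant for row 74 instead, since that is the row whose response changed in this revision. Separately, the new row 74 gives the response "Partial. Documented at http://zzz.i2p/topics/780" but leaves the fulfilment cell at '''No'''; consider marking it "Partial" so the two columns agree and a reader scanning only the last column does not conclude that no response process exists.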