Changes between Version 15 and Version 16 of OpenITPReview/Criteria


Timestamp: May 17, 2013 6:16:45 PM (7 years ago)
Author: zzz
Comment: disclosure

  • OpenITPReview/Criteria

    v15 v16  
    7474|| Does the project have a documented response process for security vulnerability reports? || No '''TODO: Define or set up''' || '''No''' ||
    7575|| What is the project history of responding to security incidents and is it documented? || Generally fixed in the next release. Release schedule is accelerated if necessary. Our typical release cycle is 6-10 weeks, or about 7 releases per year. History is documented at http://zzz.i2p/forums/13 ||  ||
    76 || Does the project have an internal responsible disclosure policy and is it used? || No '''TODO: Discuss''' || '''No''' ||
     76|| Does the project have an internal responsible disclosure policy and is it used? || Yes to both. Documented at http://zzz.i2p/topics/780 and we generally disclose issues in release notes, see http://www.i2p2.de/announcements - We also use the project news feed which is delivered to users in the tool, as well as other channels such as Twitter and http://forum.i2p/ || Yes ||
    7777|| What timeline does the project have around responding to vulnerabilities? || Next release. Release schedule is accelerated if necessary. Our typical release cycle is 6-10 weeks, or about 7 releases per year. ||  ||
    7878
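Review bot: The new row 76 answers "Yes to both" for a disclosure policy, but the unchanged row 74 directly above still reads "No '''TODO: Define or set up'''" for a documented response process, so the table now contradicts itself unless the two are clearly distinguished. If the document at http://zzz.i2p/topics/780 also covers how incoming reports are handled, row 74 should be updated in the same change; if it does not, say in row 76 what the policy covers. The last cell of the new row is plain "Yes" while the neighbouring filled cells use bold ('''No'''), so bold it for consistency. The policy and history links are .i2p addresses, which a reader outside I2P cannot open; a clearnet copy or a short summary of the policy in the cell would let the row be checked.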