Difference between revisions of "Security/Vulnerability Management Process"
From fd.io
Latest revision as of 19:06, 1 March 2016
Glossary
Term | Definition
---|---
Embargo | A time period where vendors have access to details concerning the security vulnerability, with an understanding not to publish these details or the fixes they have prepared. The embargo ends with a coordinated release date ("CRD"). (from source)
Subject matter expert | A developer or other specialist who can provide contextual information that helps to determine the validity and impact of a potential security vulnerability.
Peer reviewed | In the context of a patch, the term peer reviewed refers to the patch having been reviewed by the security response team and any other relevant key stakeholders. There is not yet a strict definition of the number of people who need to have reviewed the patch, or how they provide sign off.
Downstream stakeholder | An organization that builds products based on fd.io. These products may be free, commercial, or for internal usage.