Security/Vulnerability Management Process
From fd.io
Glossary
Term | Definition
---|---
Embargo | A time period where vendors have access to details concerning the security vulnerability, with an understanding not to publish these details or the fixes they have prepared. The embargo ends with a coordinated release date ("CRD"). (from source)
Subject matter expert | A developer or other specialist who can provide contextual information that helps to determine the validity and impact of a potential security vulnerability.
Peer reviewed | In the context of a patch, the term peer reviewed refers to the patch having been reviewed by the security response team and any other relevant key stakeholders. There is not yet a strict definition of the number of people who need to have reviewed the patch, or how they provide sign-off.
Downstream stakeholder | An organization that builds products based on fd.io. These products may be free, commercial, or for internal usage.