Security/Vulnerability Management Process

From fd.io
< Security
Revision as of 19:06, 1 March 2016 by Hagbard (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Glossary

Term Definition
Embargo A time period where vendors have access to details concerning the security vulnerability, with an understanding not to publish these details or the fixes they have prepared. The embargo ends with a coordinated release date ("CRD"). (from source)
Subject matter expert A developer or other specialist who can provide contextual information that helps to determine the validity and impact of a potential security vulnerability.
Peer reviewed In the context of a patch, the term peer reviewed refers to the patch having been reviewed by the security response team and any other relevant key stakeholders. There is not yet a strict definition of the number of people who need to have reviewed the patch, or how they provide sign off.
Downstream stakeholder An organization that builds products based on fd.io. These products may be free, commercial, or for internal usage.