wg-vulnerability-disclosures

Project idea: guide for maintainers on handling incidents

Open u269c opened this issue 3 years ago • 6 comments

As per https://github.com/ossf/SIRT/pull/5#issuecomment-1256341717

The SIRT's goals are indeed to help with incidents and vulnerability coordination, but the documentation and training of it should not be handled by the SIRT itself. It was suggested to have the Vuln Disclosure WG look at taking this effort instead.

u269c Sep 23 '22 15:09

It was discussed in the WG today that we may wish to search to see if any existing art or docs exist on this to kickstart our efforts. The team generally thought pursuing this has merit.

SecurityCRob Oct 05 '22 15:10

We may check Red Hat's Open Source Incident Response Plan (Red Hat Incident Response Plan).

ByteHackr Oct 19 '22 15:10

We have this previous issue we may want to merge here https://github.com/ossf/wg-vulnerability-disclosures/issues/100

SecurityCRob Oct 21 '22 12:10

I'm in favor of this as the next project for the working group before #115 and #116, but think all 3 are great ideas.

taladrane Nov 16 '22 16:11

Agree with @taladrane. I'm also in favor of this project being the next in line. All of the projects sound interesting!

crystalhazen Nov 16 '22 16:11

@ByteHackr (Sandipan Roy) and I are interested in being a part of the sub-working group or SIG for this project.

yogeshnmittal Dec 14 '22 15:12