RE: Call for Community Feedback: Guidance on Reporting Protocol Vulnerabilities

Hi!

To make it easier to provide updates, the originally referenced PDF has been converted to Markdown and added to GitHub:

https://github.com/ietf/vul-reporting-guidance

Feedback on the text submitted to date with replies to this thread is tracked via issues here:

https://github.com/ietf/vul-reporting-guidance/issues

Regards,
Roman

> -----Original Message-----
> From: ietf <ietf-bounces@xxxxxxxx> On Behalf Of Roman Danyliw
> Sent: Friday, October 23, 2020 2:46 PM
> To: ietf@xxxxxxxx
> Subject: Call for Community Feedback: Guidance on Reporting Protocol
> Vulnerabilities
> 
> Hi!
> 
> The Internet Engineering Steering Group (IESG) is seeking community input on
> reporting protocol vulnerabilities to the IETF.  Specifically, the IESG is proposing
> guidance to be added to the website at [1] to raise awareness on how the IETF
> handles this information in the standards process.  The full text (which would
> be converted to a web page) is at:
> 
> https://www.ietf.org/media/documents/Guidance_on_Reporting_Vulnerabilities_to_the_IETF_sqEX1Ly.pdf
> 
> This text is intended to be written in an accessible style to help vulnerability
> researchers, who may not be familiar with the IETF, navigate existing processes
> to disclose and remediate these vulnerabilities.  With the exception of creating
> a last resort reporting email alias (protocol-vulnerability@xxxxxxxx), this text is
> describing current practices in the IETF, albeit ones that may not be
> consistently applied.
> 
> This guidance will serve as a complement to the recently written IETF LLC
> infrastructure and protocol vulnerability disclosure statement [2].
> 
> The IESG appreciates any input from the community on the proposed text and
> will consider all input received by November 7, 2020.
> 
> Regards,
> Roman
> (for the IESG)
> 
> [1] This guidance text would be added to a new URL at
> https://www.ietf.org/standards/rfcs/vulnerabilities, and then referenced from
> www.ietf.org/contact, https://www.ietf.org/standards/process/,
> https://www.ietf.org/standards/rfcs/, and
> https://www.ietf.org/topics/security/
> 
> [2] https://www.ietf.org/about/administration/policies-procedures/vulnerability-disclosure
> 




