Workshop topic: Managing Security Vulnerabilities in updates projects post-Oracle leadership

Tasha CARL openjdk at carl.pro
Tue Nov 13 11:37:33 UTC 2018


Dear list,

Workshop proposal:

"Managing Security Vulnerabilities in updates projects post-Oracle
leadership"
This session may need to be restricted (partly) to folks who are part of
the vulnerability group.
It would be good to discuss how some concrete workflows might work
as of 2019:
1. How a vulnerability gets reported to the vulnerability group (e.g.
   through a public email address, by a vulnerability group member, a
   public 0-day breach or something else).
2. Who takes responsibility/lead for providing the OpenJDK updates
   stream patch and any backporting.
3. How and where vulnerability group members can collaborate
   (concretely) on a fix.
4. How the vulnerability group members should communicate with
   their internal organisations and finally (at the right time)
   with the public.
Best regards,
Natasha CARL

