Workshop topic: Managing Security Vulnerabilities in updates projects post-Oracle leadership
Tasha CARL
openjdk at carl.pro
Tue Nov 13 11:37:33 UTC 2018
Dear list,

Workshop proposal:
"Managing Security Vulnerabilities in updates projects post-Oracle
leadership"

This session may need to be restricted (partly) to folks who are part of
the vulnerability group.

It would be good to discuss how some concrete workflows might work
as of 2019:

1. How a vulnerability gets reported to the vulnerability group (e.g.
   through public email address, by a vulnerability group member, a
   public 0-day breach or something else).
2. Who takes responsibility/lead for providing the OpenJDK updates
   stream patch and any back porting.
3. How and where vulnerability group members can collaborate
   (concretely) on a fix.
4. How the vulnerability group members should communicate with
   their internal organisations and finally (at the right time)
   with the public.

Best regards,
Natasha CARL
More information about the workshop-discuss
mailing list