[security] Reporting a Security Issue
Johannes Ernst
jernst+openid.net at netmesh.us
Thu Oct 26 22:03:37 UTC 2006
The wiki
http://openid.net/wiki/
now has a section on "Reporting a Security Issue" (under "Security")
The idea is that every time anybody believes they have found a
security issue, there is (the beginning of a very simple) process by
which this issue can be reported and resolved; and by which the issue
and its resolution can be captured for others to see.
Obviously, the process can and will evolve. Right now, it's basically:
- make sure you have identified a valid issue and it hasn't been
reported before
- discuss on this mailing list
- we write it up on the wiki -- whether valid or not, because
others will have the same issue sooner or later.
Which is a whole lot better than what we had before, which was
nothing ;-)
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedGraphic.tiff
Type: image/tiff
Size: 1962 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061026/5eff31f9/attachment-0002.tiff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061026/5eff31f9/attachment-0002.gif>
-------------- next part --------------
http://netmesh.info/jernst
More information about the security
mailing list