[security] Reporting a Security Issue
Pete Rowley
prowley at redhat.com
Thu Oct 26 22:10:06 UTC 2006
Good stuff!
Johannes Ernst wrote:
> The wiki
> http://openid.net/wiki/
> now has a section on "Reporting a Security Issue" (under "Security")
>
> The idea is that every time anybody believes they have found a
> security issue, there is (the beginning of a very simple) process by
> which this issue can be reported and resolved; and by which the issue
> and its resolution can be captured for others to see.
>
> Obviously, the process can and will evolve. Right now, it's basically:
> - make sure you have identified a valid issue and it hasn't been
> reported before
> - discuss on this mailing list
> - we write it up on the wiki -- whether valid or not, because others
> will have the same issue sooner or later.
>
> Which is a whole lot better than what we had before, which was nothing
> ;-)
>
>
>
>
> Johannes Ernst
> NetMesh Inc.
>
>
>
> ------------------------------------------------------------------------
>
> http://netmesh.info/jernst
>
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> security mailing list
> security at openid.net
> http://openid.net/mailman/listinfo/security
>
--
Pete
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061026/e1c0e0ff/attachment-0002.bin>
More information about the security
mailing list