[security] reporting security flaws
Manger, James
James.H.Manger at team.telstra.com
Sun Mar 2 23:43:32 UTC 2014
[was RE: [security] OIC self-issued mode is insecure]
> I'm not sure everyone in the Connect WG follows this list -- suggest we
> get it into the WG mailing list so it is visible to all the
> participants, and into bitbucket as a tracked issue, if it isn't
> already (I haven't seen the notice come through but may have just
> missed it).
Sounds sensible, though I cannot do it as I don't have permission.
Needing to sign a legal contribution agreement and join a working group mailing list seems far too high a hurdle to report a security flaw. Clean IPR is important, but an easy feedback channel to ensure the group hears about security issues is even more important.
--
James Manger