Posted to dev@community.apache.org by Sharan Foga <sh...@apache.org> on 2019/05/04 13:51:43 UTC

Security Vulnerabilities Process Talks for ApacheCon?

Hi All

I have ApacheCon on the brain at the moment! :-)

Not sure if this has come up already but another idea for ApacheCon talks that came up in a brainstorming session (thanks Myrle :-) a few weeks ago was around security vulnerabilities and how to handle them.

For example:
- An intro to the ASF Security team, who they are, what it does and how it works
- An overview of the process for managing Security vulnerabilities
- What are the project Do’s and Don’ts when it comes to handling security vulnerabilities?
- Any real life stories from the trenches – how it was resolved

This is something really important for all our projects to know and understand (which is why I’m mentioning it here under Community).

So if you are interested in talking about this topic then please submit something for the CFPs for Las Vegas and Berlin.

Thanks
Sharan



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org


Re: Security Vulnerabilities Process Talks for ApacheCon?

Posted by Lars Eilebrecht <la...@eilebrecht.net.INVALID>.
Mark Cox wrote on 2019-06-25 13:06:48:

> On Sat, May 4, 2019 at 2:51 PM Sharan Foga <sh...@apache.org> wrote:
> 
> > ...
> > Not sure if this has come up already but another idea for ApacheCon
> > talks that came up in a brainstorming session (thanks Myrle :-) a
> > few weeks ago was around security vulnerabilities and how to handle
> > them
> >
> > For example:
> > - An intro to the ASF Security team, who they are, what it does and
> > how it works
> > - An overview of the process for managing Security vulnerabilities,
> > - What are the project Do’s and Don’ts when it comes to handling
> > security vulnerabilities?
> > - Any real life stories from the trenches –  how it was resolved
> >
> > This is something really important for all our projects to know and
> > understand (which is why I’m mentioning it here under Community).
> >
> > So if you are interested in talking about this topic then please
> > submit something for the CFPs for Las Vegas and Berlin.
> >
> 
> Just catching up with dev@ mail and wish I had seen this sooner. I'll
> be out at Vegas and want to do something like this -- we could do it
> as a BoF session now. Things we get asked include the above and
> specifically "How does CVE allocation work", "How do we deal with
> issues that cross multiple projects", "How to deal with stuff that's
> private when we need to commit public before release" and so on.

I'm also catching up on dev@ email and unfortunately didn't see
Sharan's email until now... Sounds like a great idea for a talk.

Mark, if you are doing a BoF about this in Vegas I'd be happy to get
involved. 


Best regards
Lars





-- 
Lars Eilebrecht
lars@eilebrecht.net




Re: Security Vulnerabilities Process Talks for ApacheCon?

Posted by Mark Cox <mj...@apache.org>.
On Sat, May 4, 2019 at 2:51 PM Sharan Foga <sh...@apache.org> wrote:

> ...
> Not sure if this has come up already but another idea for ApacheCon talks
> that came up in a brainstorming session (thanks Myrle :-) a few weeks ago
> was around security vulnerabilities and how to handle them
>
> For example:
> - An intro to the ASF Security team, who they are, what it does and how it
> works
> - An overview of the process for managing Security vulnerabilities,
> - What are the project Do’s and Don’ts when it comes to handling security
> vulnerabilities?
> - Any real life stories from the trenches –  how it was resolved
>
> This is something really important for all our projects to know and
> understand (which is why I’m mentioning it here under Community).
>
> So if you are interested in talking about this topic then please submit
> something for the CFPs for Las Vegas and Berlin.
>

Just catching up with dev@ mail and wish I had seen this sooner. I'll be out
at Vegas and want to do something like this -- we could do it as a BoF
session now. Things we get asked include the above and specifically "How
does CVE allocation work", "How do we deal with issues that cross multiple
projects", "How to deal with stuff that's private when we need to commit
public before release" and so on.

Mark