...
| Code Block |
|---|
| language | text |
|---|
| title | Triage confirmation email |
|---|
|
Dear {reporter},
This issue has been confirmed as a security vulnerability in { project }.
The initially assign severity level is: {severity level}.
Please let us know if you disagree with our assessment.
We would like to get it fixed under the ONAP embargoed security vulnerability process.
Please do not discuss or disclose details about this flaw prior to the agreed disclosure date (TBA).
All decisions, discussions, and proposed patches and reviews are to be done via this tracking issue:
{jira_issue_url}
In general we will request for a CVE number for every confirmed security vulnerability to ensure full traceability.
Please let us know if you have already obtained a CVE number for this issue in order to avoid duplicates.
Thanks
{ onap_vulnerability_ sub-committee _member}, on behalf of the ONAP vulnerability sub-committee |
Coordinated disclosure
Message should be signed.
| Code Block |
|---|
| language | text |
|---|
| title | Triage confirmation email |
|---|
|
Dear {reporter},
We have developed a patch that fixes the reported issue.
The allocated CVE number is: {CVE id}
Now we are approaching final step of our process which is coordinated disclosure.
We scheduled the publication date to {publication date}.
Please contact us immediately if you would like us to modify the disclosure date.
Thank you very much for following responsible disclosure model.
{ onap_vulnerability_ sub-committee _member}, on behalf of the ONAP vulnerability sub-committee |