DaanHoogland commented on code in PR #437: URL: https://github.com/apache/cloudstack-www/pull/437#discussion_r3363034623
########## src/pages/security.md: ########## @@ -39,12 +39,16 @@ team](https://www.apache.org/security/) via email to vulnerability, how it might be exploited, and any additional information that might be useful. -Upon notification, the ASF security team will work with the CloudStack PMC -through validation and fixing the issue. If the issue is validated, it generally -takes 2-4 weeks from notification to public announcement of the vulnerability. -During this time, the team will communicate with you as they proceed through the -response procedure, and ask that the issue not be announced before an -agreed-upon date. +Upon notification, the ASF security team will work with the CloudStack +PMC through validation and fixing the issue. If the issue is +validated, it will still take time to fix the issue. The amount of +time depends on the availability of volunteers and number people +involved that have a stake in the issue. In later years it has turned +out to take up to six months, from notification to public announcement +of the vulnerability, due to parallel work on multiple issues. During Review Comment: ```suggestion out to take up more and more time from notification to public announcement of the vulnerability, due to parallel work on multiple issues. During ``` @borisstoyanov @raboof ?
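Review bot: In the added line "time depends on the availability of volunteers and number people", the phrase "number people" is missing "of"; suggest "the number of people involved who have a stake in the issue". In the following added sentence, "In later years it has turned out" reads as a future period against the past tense of the verb; "In recent years" says what is meant. This paragraph replaces the removed "2-4 weeks from notification to public announcement" estimate, which sat next to the request that the issue not be announced before an agreed-upon date, so whichever wording is settled on for the timeframe should still tell a reporter roughly how long to expect before public announcement.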
