Jan Høydahl created SOLR-18193:
----------------------------------
Summary: Rewrite website security page and security reporting
workflow
Key: SOLR-18193
URL: https://issues.apache.org/jira/browse/SOLR-18193
Project: Solr
Issue Type: Task
Components: website
Reporter: Jan Høydahl
The project keeps getting security reports to the security@ mailing list, many of
which do not obey our instructions.
The root cause may be that our security web page
[https://solr.apache.org/security.html] is a mix of security
news/announcements, false-positives/vex, description of our official security
posture and step-by-step how to file a security report.
The web page can be improved.
* News section can go as a sub category of the NEWS page
* The VEX stuff can be a separate sub page of security.html
* The main security.html could focus on what users should know, and what
security researchers should prepare before reporting an issue.
* The page could also benefit from a graphical diagram outlining the flow.
When the PMC responds to incoming emails we need a set of well-written canned
responses for a few typical cases, like incomplete report, we don't like
attachments to mail, etc. Those canned responses could live in Wiki or as yet
another sub page of the web page?