securitypolicy
Differences
This shows you the differences between two versions of the page.
securitypolicy [2019/02/09 11:05] – henningw | securitypolicy [2019/02/10 19:00] (current) – move page to security namespace henningw | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ==== Security Vulnerability Policy ==== | ||
- | |||
- | References: | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | |||
- | === Definition === | ||
- | |||
- | A security vulnerability is (for example) when a user of Kamailio can cause Kamailio to crash or lock up by sending messages to the server process. | ||
- | |||
- | === Reporting a security Vulnerability === | ||
- | |||
- | If you believe there' | ||
- | |||
- | - Send an e-mail to //security at kamailio dot org// and include the following information | ||
- | * A summary | ||
- | * A detailed explanation of how this issue can be exploited and/or reproduced | ||
- | - A member of the Kamailio Security Team will respond | ||
- | - The kamailio developer team will work to solve the issue. When there is a patch for the issue, it should NOT be committed directly without clarification with the security team. It should be coordinated with the release of a security release as well as the publication of a Kamailio project security vulnerability report. | ||
- | |||
- | === Publishing security vulnerabilities === | ||
- | |||
- | Kamailio will publish security vulnerabilities, | ||
- | |||
- | === Kamailio Security Team === | ||
- | |||
- | A Kamailio Security team is appointed with core developers of the project. These individuals will be part of the security process and review patches and text for the vulnerability report. Persons of this group take the role of Kamailio Security Officers. One of these should manage each security incident - which does not mean solving the code issue, but managing the process from report to publication and patch release. | ||
- | |||
- | === security@kamailio.org === | ||
- | |||
- | This address should have a PGP key associated, used by the security officers. | ||
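Review bot: the new revision column is empty for every row of this hunk, from the "Security Vulnerability Policy" heading down to the security@kamailio.org section, so the reporting instructions disappear from this page and nothing takes their place. The edit summary says the page was moved to the security namespace; keep a one-line pointer to the new page here so that existing links to securitypolicy still lead a reporter to the contact address and the steps for reporting a vulnerability.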
securitypolicy.1549710308.txt.gz · Last modified: 2019/02/09 11:05 by henningw