How to report security related issues?

50 views
Skip to first unread message

Lucien van Wouw

unread,
Jan 5, 2016, 7:07:13 AM1/5/16
to Dataverse Users Community
Hi,

I wonder how security issues can be reported other than the public github repository,
Is there a IQSS procedure for this ? Where can end users ( developers, dataverse maintainers, etc ) report them ?

Philip Durbin

unread,
Jan 5, 2016, 9:55:37 AM1/5/16
to dataverse...@googlegroups.com
From what I can tell we don't explain very well that we *don't* want security issues to be reported in public such as on this mailing list, the GitHub issue tracker, Twitter, IRC, etc.

Rather, please send anything security-related to sup...@dataverse.org which will create a private ticket in the IQSS/HMDC ticket tracker at https://help.hmdc.harvard.edu

Let me see what I can do about documenting this properly (and perhaps setting up a dedicated email address). I'm looking at sites like the ones below but if anyone has a favorite writeup of how to report security vulnerabilities, please let us know:

- https://www.oracle.com/support/assurance/vulnerability-remediation/reporting-security-vulnerabilities.html
- http://www.postgresql.org/support/security/
- https://access.redhat.com/security/team/contact


Thanks!

Phil

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To post to this group, send email to dataverse...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/31b75433-f517-48c0-acef-78a955abab70%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Reply all
Reply to author
Forward
0 new messages