European Grid Infrastructure

towards a sustainable infrastructure

Jump to Menu

Software Vulnerability Group

Chair  

Linda Cornwall

STFC Rutherford Appleton Laboratory (UK)
linda.cornwall@stfc.ac.uk

Description  

The goal of the Software Vulnerability Group (SVG) is to eliminate existing software vulnerabilities from the deployed infrastructure and prevent the introduction of new ones, thus reducing the likelihood of security incidents.

Main tasks  

  • Provide an efficient process to report, handle, and resolve software vulnerabilities found in middleware.

  • Provide consultation on software vulnerabilities to the CSIRT team and other EGI groups.

  • Collaborate with other partners to assess software provided in the EGI Unified Middleware Distribution and to look for vulnerabilities.

  • Encourage developers to write secure code, thus reducing the likelihood of future problems, by education and awareness.

If you find, or think you have found a vulnerability  

You SHOULD NOT:

  • Discuss on a mailing list – especially if it has an open subscription or if it is publicly archived

  • Post the information online or publicise the vulnerability in any way – this may provide useful data to the attacker.

You SHOULD:

  • Report it to report-vulnerability (at) egi.eu

Resources

 

Active policy groups