STFC Rutherford Appleton Laboratory (UK)
The goal of the Software Vulnerability Group (SVG) is to eliminate existing software vulnerabilities from the deployed infrastructure and prevent the introduction of new ones, thus reducing the likelihood of security incidents.
Provide an efficient process to report, handle, and resolve software vulnerabilities found in middleware.
Provide consultation on software vulnerabilities to the CSIRT team and other EGI groups.
Collaborate with other partners to assess software provided in the EGI Unified Middleware Distribution and to look for vulnerabilities.
Encourage developers to write secure code, thus reducing the likelihood of future problems, by education and awareness.
You SHOULD NOT:
Discuss on a mailing list – especially if it has an open subscription or if it is publicly archived
Post the information online or publicise the vulnerability in any way – this may provide useful data to the attacker.
Report it to report-vulnerability (at) egi.eu