[erlang-questions] Reporting vulnerabilities in Erlang/OTP

Raimo Niskanen <>
Thu May 7 17:18:15 CEST 2015


On Thu, May 07, 2015 at 04:40:53PM +0200, Eric Skoglund wrote:
> I was at a meetup last night with some FOSS people and the question on
> how to handle security bugs in open source projects came up. Why this
> came up was due to a security bug that was found and there wasn't a
> proper procedure set up, leading to the bug being made public before
> everyone was properly notified.
> 
> I think it would be a good idea to have a discussion on how security
> issues should be handled, so that something like the above can be prevented.
> 
> One thing that seems like it is popular for FOSS software is to have a
> mail address specifically for security related bugs that a subset of
> maintainers have access to (curl [0] or rails [1]). It might be a good
> idea to set up  for something like this.

There is actually an erlang-security at erlang dot org that is intended for
this purpose.  security at erlang dot org goes to the website admin for
website security issues.

> 
> Just my 2 cents
> 
> // Eric Skoglund
> 
> [0] http://curl.haxx.se/docs/security.html
> [1] http://rubyonrails.org/security/
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB
