[erlang-questions] Reporting vulnerabilities in Erlang/OTP
Raimo Niskanen
raimo+erlang-questions@REDACTED
Thu May 7 17:18:15 CEST 2015
On Thu, May 07, 2015 at 04:40:53PM +0200, Eric Skoglund wrote:
> I was at a meetup last night with some FOSS people and the question on
> how to handle security bugs in open source projects came up. Why this
> came up was due to a security bug that was found and there wasn't a
> proper procedure set up, leading to the bug being made public before
> everyone was properly notified.
>
> I think it would be a good idea to have a discussion on how security
> issues should be handled, so that something like the above can be prevented.
>
> One thing that seems like it is popular for FOSS software is to have a
> mail address specifically for security related bugs that a subset of
> maintainers have access to (curl [0] or rails [1]). It might be a good
> idea to set up security@REDACTED for something like this.
There is actually an erlang-security at erlang dot org that is intended for
this purpose. security at erlang dot org goes to the website admin for
website security issues.
>
> Just my 2 cents
>
> // Eric Skoglund
>
> [0] http://curl.haxx.se/docs/security.html
> [1] http://rubyonrails.org/security/
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB