[erlang-questions] Reporting vulnerabilities in Erlang/OTP

Raimo Niskanen raimo+erlang-questions@REDACTED
Thu May 7 17:18:15 CEST 2015

On Thu, May 07, 2015 at 04:40:53PM +0200, Eric Skoglund wrote:
> I was at a meetup last night with some FOSS people and the question on
> how to handle security bugs in open source projects came up. Why this
> came up was due to a security bug that was found and there wasn't a
> proper procedure set up, leading to the bug being made public before
> everyone was properly notified.
> I think it would be a good idea to have a discussion on how security
> issues should be handled. So that something like the above can be prevented.
> One thing that seems like it is popular for FOSS software is to have a
> mail address specifically for security related bugs that a subset of
> maintainers have access to (curl [0] or rails [1]). It might be a good
> idea to set up security@REDACTED for something like this.

There is actually an erlang-security at erlang dot org that is intended for
this purpose.  security at erlang dot org goes to the website admin for
website security issues.

> Just my 2 cents
> // Eric Skoglund
> [0] http://curl.haxx.se/docs/security.html
> [1] http://rubyonrails.org/security/
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions


/ Raimo Niskanen, Erlang/OTP, Ericsson AB

More information about the erlang-questions mailing list