[erlang-questions] Reporting vulnerabilities in Erlang/OTP
Thu May 7 17:18:15 CEST 2015
On Thu, May 07, 2015 at 04:40:53PM +0200, Eric Skoglund wrote:
> I was at a meetup last night with some FOSS people and the question on
> how to handle security bugs in open source projects came up. Why this
> came up was due to a security bug that was found and there wasn't a
> proper procedure set up, leading to the bug being made public before
> everyone was properly notified.
> I think it would be a good idea to have a discussion on how security
> issues should be handled, so that something like the above can be prevented.
> One thing that seems like it is popular for FOSS software is to have a
> mail address specifically for security related bugs that a subset of
> maintainers have access to (curl [1] or rails [2]). It might be a good
> idea to set up security@REDACTED for something like this.
There is actually an erlang-security at erlang dot org that is intended for
this purpose. security at erlang dot org goes to the website admin for
website security issues.
> Just my 2 cents
> // Eric Skoglund
> [1] http://curl.haxx.se/docs/security.html
> [2] http://rubyonrails.org/security/
/ Raimo Niskanen, Erlang/OTP, Ericsson AB