This shows you the differences between two versions of the page.
securitypolicy [2015/02/25 16:10] oej created |
securitypolicy [2019/02/09 12:05] henningw |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ==== Security Vulnerability Policy | + | ==== Security Vulnerability Policy ==== |
References: | References: | ||
- | * https:// | + | |
+ | * [[https:// | ||
=== Definition === | === Definition === | ||
- | ??? | ||
- | A security vulnerability is when a user of Kamailio can cause Kamailio to crash or lock up by | + | A security vulnerability is (for example) |
- | sending messages to the server process. | + | |
=== Reporting a security Vulnerability === | === Reporting a security Vulnerability === | ||
- | If you believe there' | + | If you believe there' |
- | Send e-mail to security@kamailio.org and the issue will be handled properly. | + | |
- | - Send an e-mail to security@kamailio.org and include the following information | + | - Send an e-mail to //security |
* A summary | * A summary | ||
* A detailed explanation of how this issue can be exploited and/or reproduced | * A detailed explanation of how this issue can be exploited and/or reproduced | ||
- A member of the Kamailio Security Team will respond | - A member of the Kamailio Security Team will respond | ||
- | - The kamailio developer team will work to solve the issue. When there is a patch for the issue, it should NOT be committed directly. It should be coordinated with the release of a security release as well as the publication of a Kamailio project security vulnerability report. | + | - The kamailio developer team will work to solve the issue. When there is a patch for the issue, it should NOT be committed directly |
=== Publishing security vulnerabilities === | === Publishing security vulnerabilities === | ||
- | Kamailio will publish security vulnerabilities, | + | Kamailio will publish security vulnerabilities, |
- | kamailio-announce mailing list, sr-users as well as related lists. The advisories will | + | |
- | also be published on the kamailio.org web site. | + | |
=== Kamailio Security Team === | === Kamailio Security Team === | ||
- | A Kamailio Security team should be appointed with core developers of the project. These individuals will be part of the security process and review patches and text for the vulnerability report. | + | A Kamailio Security team is appointed with core developers of the project. These individuals will be part of the security process and review patches and text for the vulnerability report. |
=== security@kamailio.org === | === security@kamailio.org === |
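Review bot: step 3 of the reporting procedure still spells the project name in lowercase on the new side ("The kamailio developer team"), while every other mention in the revision uses "Kamailio"; capitalize it for consistency. The unchanged heading "Reporting a security Vulnerability" also mixes case in a way the next heading, "Publishing security vulnerabilities", does not, so it is worth normalizing the two in the same edit.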