EGI Document 283-v9
EGI-CSIRT Critical Vulnerability Operational Procedure
- Public document
- New version of the procedure can be found under: https://wiki.egi.eu/wiki/SEC03
In order to prevent incidents, it is important to ensure that operational action is taken in a timely manner when a security problem has been found and a solution identified. A critical security problem is one where it is considered that urgent action needs to be taken, in order for both individual sites and the infrastructure as a whole to be secure. The most common type of critical security problem is where a software vulnerability has been found, and assessed as ‘critical’.
After a problem has been assessed as critical, and a solution is available then sites are required to take action. This document primarily defines the procedure from this time, where sites are asked to take action, and what steps are taken if they do not respond or do not take action.
If a site fails to take action, this may lead to site suspension by removing the site from the resource information system as defined in appropriate policy documents.
- Referenced by:
- EGI-doc-649: MS412 - Operational Security Procedures