EGI Document 283-v9

EGI-CSIRT Critical Vulnerability Operational Procedure

Document #:
Document type:
Submitted by:
Linda Cornwall
Updated by:
Linda Cornwall
Document Created:
15 Dec 2010, 14:36
Contents Revised:
26 Jan 2012, 16:47
Metadata Revised:
02 Nov 2015, 12:32
Viewable by:
  • Public document
Modifiable by:

Quick Links:
Latest Version

Other Versions:
25 Jan 2012, 19:30
14 Mar 2011, 15:01
11 Mar 2011, 17:12
14 Feb 2011, 15:43
17 Jan 2011, 17:26
05 Jan 2011, 16:45
21 Dec 2010, 12:00
15 Dec 2010, 14:36
New version of the procedure can be found under:

In order to prevent incidents, it is important to ensure that operational action is taken in a timely manner when a security problem has been found and a solution identified. A critical security problem is one where it is considered that urgent action needs to be taken, in order for both individual sites and the infrastructure as a whole to be secure. The most common type of critical security problem is where a software vulnerability has been found, and assessed as ‘critical’.
After a problem has been assessed as critical, and a solution is available then sites are required to take action. This document primarily defines the procedure from this time, where sites are asked to take action, and what steps are taken if they do not respond or do not take action.
If a site fails to take action, this may lead to site suspension by removing the site from the resource information system as defined in appropriate policy documents.

Referenced by:

DocDB, Contact: Document Database Administrators