EGI Document 283-v9
EGI-CSIRT Critical Vulnerability Operational Procedure
- Public document
25 Jan 2012, 19:30
- A new version of the procedure can be found at: https://wiki.egi.eu/wiki/SEC03
In order to prevent incidents, it is important to ensure that operational action is taken in a timely manner when a security problem has been found and a solution identified. A critical security problem is one where urgent action is considered necessary for both individual sites and the infrastructure as a whole to be secure. The most common type of critical security problem is a software vulnerability that has been found and assessed as critical.
Once a problem has been assessed as critical and a solution is available, sites are required to take action. This document primarily defines the procedure from that point onward: how sites are asked to take action, and what steps are taken if they do not respond or do not act.
If a site fails to take action, this may lead to suspension of the site by removing it from the resource information system, as defined in the appropriate policy documents.
- Referenced by:
- EGI-doc-649: MS412 - Operational Security Procedures