Improvement: Setup Tools/Documentation for vulnerability Management #2640

@masc2023

What

https://www.eclipse.org/security/ describes security at the Eclipse Foundation. Consider:

Report a vulnerability
To report a security vulnerability in an Eclipse Foundation Project, first, check the project’s repository for a SECURITY.md file and follow its instructions. If none exist, you can email the Eclipse Foundation Security Team at security@eclipse-foundation.org or use the dedicated issue tracker.

For the principles under which the Eclipse Foundation manages the reporting, management, discussion, and disclosure of vulnerabilities discovered in Eclipse software, refer to the Eclipse Foundation Security Policy.

For more details on how we handle vulnerability reports, see the Eclipse Project Handbook.

and https://eclipse-csi.github.io/security-handbook/index.html

Actions:

  • Create SECURITY.md with proper documentation and links to existing documentation, so that users can easily report a vulnerability
  • Check Eclipse Security Handbook for Developer
  • Check Eclipse Security Handbook for Project
  • Check Eclipse Security Handbook for Vulnerability Management
  • Check Eclipse Security Handbook for SBOM

How

Create SECURITY.md and other documentation and configurations to manage security in S-CORE

Estimates for realization

1 month

Category

  • Affects Detailed Design

Requirements / Architecture

  • Requirements / Architecture are not affected by this change?

Metadata

Labels: documentation (Improvements or additions to documentation)
