Vulnerability

  • Launchpad entry: none yet

  • Created: 2006-08-01 by JohnMoser

  • Contributors: JohnMoser

  • Packages affected:

Summary

This spec places the vulnerability research, patching, and information diffusion aspects of the Ubuntu Security Team in a sub-team of the Ubuntu Hardened Team specified in HardenedUbuntu: the Ubuntu Hardened Vulnerability Team.

Rationale

The Ubuntu Hardened Team is made up of multiple sub-teams, each approaching security from a different angle with a different set of tasks. It is important to continue to be mindful of new vulnerabilities; collect or create patches; apply and release fixes; and exchange patches and security concerns with other distributions and upstream.

Use cases

Any vulnerability in any package needs to be fixed.

Scope

The scope of the Ubuntu Hardened Vulnerability Team includes the following tasks:

  • Monitor various channels of information for new vulnerabilities.
  • Locate patches for new vulnerabilities from these channels, upstream, other distributions, or the HardenedUbuntu/SourceAudit Team.
  • Apply and release patches to correct vulnerabilities.
  • Report vulnerabilities and release USNs.

Design

A team will be created that follows the above scope.

Implementation

We have these guys already; they're called the Ubuntu Security Team.

Code

Data preservation and migration

Unresolved issues

BoF agenda and discussion



HardenedUbuntu/Vulnerability (last edited 2008-08-06 16:28:33 by localhost)