Versions Compared

Old Version 15

changes.mady.by.user John Kinsella

Saved on

compared with

New Version 16

changes.mady.by.user David Nalley

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: s/asf/acs/g

...

CloudStack operates a pre-disclosure list. This list contains the email addresses of the security response teams for significant CloudStack distributors.  This includes both corporations and community institutions.  The purpose of the pre-disclosure list is to enable the CloudStack project and distributors to participate in a bi-directional information sharing agreement for vulnerabilities.  By joining the pre-disclosure list the organization and ASF ACS mutually agree to jointly share vulnerability information that is originally reported to them, jointly verify and fix issues, and jointly (simultaneously) make vulnerability announcements and hotfix releases (if warranted) to the public.  The ASF ACS and organizations on the pre-disclosure list are also expected to be reasonably responsive, with a guided expectation of 2-4 weeks to verify issues and release fixes (if warranted).  Response times should be discussed and agreed upon depending on the issue severity.

...