Security

From Lustre Wiki
Revision as of 06:15, 9 February 2024 by Pjones (talk | contribs) (Protected "Security" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)))
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

If you have details of a suspected security vulnerability in Lustre code that you wish to report then please email us at [email protected] with the details.

Please do not file a public JIRA issue for a security vulnerability - we do not want to draw attention to the vulnerability until a fix has been developed and administrators have been alerted and have had some time to put a mitigation in place.

Ideally the reporting email should have as much detail as possible:

  • reproducer, versions affected, fix if available, etc.
  • indicate to whom (individual and/or affiliation) that credit for finding the issue should be reported
  • details of any CVE already reserved
  • your intentions around disclosing the details of the vulnerability

We aim to respond to any such reports within three business days of receipt.

Retrieved from "http://wiki.lustre.org/index.php?title=Security&oldid=4765"