Changes between Initial Version and Version 1 of SecurityVulnerabilities


Ignore:
Timestamp:
02/07/17 09:49:37 (15 months ago)
Author:
Samuli Seppänen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • SecurityVulnerabilities

    v1 v1  
     1= Reporting security vulnerabilities =
     2
     3If you discover a security vulnerability in OpenVPN's [https://github.com/OpenVPN open source projects], please send email to security@openvpn.net.
     4
     5= How we handle security issues =
     6
     7The basic goals were defined in the IRC meeting on [http://thread.gmane.org/gmane.network.openvpn.devel/3841 15th July 2010]. We attempt to disclose security issues in 3 weeks - or less, if a fix is ready. If a fix is not ready in 3 weeks the issue we should disclosed it nevertheless and provide workarounds (if any) to users and then fix the issue a.s.a.p. Also, ''all'' security issues - whether they're theoretical or being exploited - should be fixed. All our users should also be informed about vulnerabilities in external software OpenVPN depends on (e.g. OpenSSL). This will be done after developers of the external software have already disclosed the vulnerability.