Process for reporting security bugs #255
Labels
CVE
A security vulnerability bug
Comments
cary-ilm
added
CVE
|
Now that OpenEXR has been adopted by the Academy Software Foundation, we're looking into the backlog of open issues and revamping the project maintenance process. There is now a security@openexr.com alias for reporting security vulnerabilities privately to the project steering committee, and the process is addressed in the "How to Report a Security Vulnerability" section in the CONTRIBUTING.md documentation. I see you filed several bugs as Issues, that's fine, too. We're starting to work through them. |
|
Closing the issue for now, feel free to re-open or file a new issue if you have further questions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi OpenEXR Team,
As part of our fuzzing efforts at Google, we are interested in understanding the process for reporting potential security issues to your project in a private manner. Could you please advise us if there is a private tracker for these kinds of bugs, or if you prefer them filed in a publicly visible way?
Thanks!
The text was updated successfully, but these errors were encountered: