PMASA
Isaac Bennetch edited this page Jun 21, 2016
·
1 revision
- This document itself is currently in draft form. *
This is a guide for the security team when preparing a PMASA draft.
This should be informative but not overly detailed; we don't want to overwhelm people (those who are curious can always look at the code). A few sentances are usually all that is needed.
- Critical: Things like unauthenticated users being able to log in or executing random PHP code.
- Moderate: Where an authenticated user can attack themselves or other authenticated users.
- Non-critical (maybe needs a better term): Generally where a user can attack themselves only or cause inconvenience to other users.
- Advisory: With mentioning but not very likely to be exploited.
Identify the reporter based on their preferred means. This can include a website or Twitter username.
Popular destinations:
- Team meetings
- GSoC home
- Developer guidelines
- How to install on Debian and Ubuntu
- Issue and pull-request management
User resources: