| <?php |
| /******************************************************************************* |
| * Copyright (c) 2011 Eclipse Foundation and others. |
| * All rights reserved. This program and the accompanying materials |
| * are made available under the terms of the Eclipse Public License v1.0 |
| * which accompanies this distribution, and is available at |
| * http://www.eclipse.org/legal/epl-v10.html |
| * |
| * Contributors: |
| * Wayne Beaton (Eclipse Foundation)- initial API and implementation |
| *******************************************************************************/ |
| require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php"); |
| require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php"); |
| require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php"); |
| $App = new App(); |
| $Nav = new Nav(); |
| $Menu = new Menu(); |
| include($App->getProjectCommon()); |
| |
| $pageTitle = "Eclipse Security"; |
| $pageAuthor = ""; |
| $pageKeywords = "Eclipse, projects, security"; |
| |
| ob_start(); |
| ?> |
| <div id="maincontent"> |
| <div id="midcolumn"> |
| <h1><?php echo $pageTitle; ?></h1> |
| <p> |
| <i>ISO 27005 defines vulnerability as: "A weakness of an asset |
| or group of assets that can be exploited by one or more |
| threats."</i> |
| </p> |
| |
| <h2>The Eclipse Security Team</h2> |
| <p>The Eclipse Security Team provides help and advice to Eclipse |
| projects on security issues and is the first point of contact for |
| handling security vulnerabilities. Members of the Security Team are |
| committers on Eclipse projects and members of the Eclipse |
| Architecture Council.</p> |
| <p> |
| Contact the <a href="mailto:security@eclipse.org">Eclipse Security |
| Team</a>. |
| </p> |
| |
| <h2>Reporting a Security Vulnerability</h2> |
| <p>Vulnerabilities can be reported either via email to the Eclipse |
| Security Team or directly with a project via Bugzilla.</p> |
| <p> |
| The general security mailing list address is <a |
| href="mailto:security@eclipse.org">security@eclipse.org</a>. Members |
| of the Eclipse Security Team will receive messages sent to this |
| address. This address should be used only for reporting undisclosed |
| Vulnerabilities; regular bug reports and questions unrelated to |
| Vulnerabilities in Eclipse software will be ignored. Note that this |
| email address is not encrypted. |
| </p> |
| <p> |
| The community is also encouraged to report Vulnerabilities using the |
| standard <a href="https://bugs.eclipse.org/bugs">Eclipse Bugzilla</a> |
| instance. Bug reports related to Vulnerabilities must be marked as |
| "committers-only", either by the reporter, or by a |
| committer during the triage process. Note that bugs marked |
| "committers-only" are visible to all Eclipse committers. By |
| default, a "committers-only" bug is also accessible to the |
| reporter and individuals explicitly indicated in the "cc" list. |
| </p> |
| |
| <h2>Disclosure</h2> |
| <p> |
| Disclosure is initially limited to the reporter and all Eclipse |
| Committers, but is later expanded to include other individuals and the |
| general public. The timing and manner of disclosure are governed by |
| the <a href="policy.php">Eclipse Security Policy</a>. |
| </p> |
| <p> |
| Publicly disclosed bugs are listed on the <a href="known.php">Disclosed |
| Vulnerabilities Page</a>. |
| </p> |
| </div> |
| </div> |
| |
| <?php |
| $html = ob_get_contents(); |
| ob_end_clean(); |
| |
| $App->generatePage('Nova', $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html); |
| ?> |