index.php - www.eclipse.org/security - Git at Google

 <?php
 /*******************************************************************************
  * Copyright (c) 2011 Eclipse Foundation and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *    Wayne Beaton (Eclipse Foundation)- initial API and implementation
 *******************************************************************************/
 require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");
 require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php");
 require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php");
 $App = new App();
 $Nav = new Nav();
 $Menu = new Menu();
 include($App->getProjectCommon());

 $pageTitle 		= "Eclipse Security";
 $pageAuthor		= "";
 $pageKeywords	= "Eclipse, projects, security";

 ob_start();
 ?>
 <div id="maincontent">
 	<div id="midcolumn">
 		<h1><?php echo $pageTitle; ?></h1>
 		<p>
 			<i>ISO 27005 defines vulnerability as: &quot;A weakness of an asset
 				or group of assets that can be exploited by one or more
 				threats.&quot;</i>
 		</p>

 		<h2>The Ecipse Security Team</h2>
 		<p>The Eclipse Security Team provides help and advice to Eclipse
 			projects on security issues and is the first point of contact for
 			handling security vulnerabilities. Members of the Security Team are
 			committers on Eclipse projects and members of the Eclipse
 			Architecture Council.</p>
 		<p>
 			Contact the <a href="mailto:security@eclipse.org">Eclipse Security
 				Team</a>.
 		</p>

 		<h2>Reporting a Security Vulnerability</h2>
 		<p>Vulnerabilities can be reported either via email to the Eclipse
 			Security Team or directly with a project via Bugzilla.</p>
 		<p>
 			The general security mailing list address is <a
 				href="mailto:security@eclipse.org">security@eclipse.org</a>. Members
 			of the Eclipse Security Team will receive messages sent to this
 			address. This address should be used only for reporting undisclosed
 			Vulnerabilities; regular bug reports and questions unrelated to
 			Vulnerabilities in Eclipse software will be ignored. Note that this
 			email address is not encrypted.
 		</p>
 		<p>
 			The community is also encouraged to report Vulnerabilities using the
 			standard <a href="https://bugs.eclipse.org/bugs">Eclipse Bugzilla</a>
 			instance. Bug reports related to Vulnerabilities must be marked as
 			&quot;committers-only&quot;, either by the reporter, or by a
 			committer during the triage process. Note that bugs marked
 			&quot;committers-only&quot; are visible to all Eclipse committers. By
 			default, a &quot;committers-only&quot; bug is also accessible to the
 			reporter and individuals explicitly indicated in the &quot;cc&quot; list.
 		</p>

 		<h2>Disclosure</h2>
 		<p>
 			Disclosure is initially limited to the reporter and all Eclipse
 			Committers, but is expanded to include other individuals, and the
 			general public. The timing and manner of disclosure is governed by
 			the <a href="policy.php">Eclipse Security Policy</a>.
 		</p>
 		<p>
 			Publicly disclosed bugs are listed on the <a href="known.php">Disclosed
 				Vulnerabilities Page</a>.
 		</p>
 	</div>
 </div>

 <?php
 $html = ob_get_contents();
 ob_end_clean();

 $App->generatePage('Nova', $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);
 ?>
	<?php
	/*******************************************************************************
	* Copyright (c) 2011 Eclipse Foundation and others.
	* All rights reserved. This program and the accompanying materials
	* are made available under the terms of the Eclipse Public License v1.0
	* which accompanies this distribution, and is available at
	* http://www.eclipse.org/legal/epl-v10.html
	*
	* Contributors:
	* Wayne Beaton (Eclipse Foundation)- initial API and implementation
	*******************************************************************************/
	require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");
	require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php");
	require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php");
	$App = new App();
	$Nav = new Nav();
	$Menu = new Menu();
	include($App->getProjectCommon());

	$pageTitle = "Eclipse Security";
	$pageAuthor = "";
	$pageKeywords = "Eclipse, projects, security";

	ob_start();
	?>
	<div id="maincontent">
	<div id="midcolumn">
	<h1><?php echo $pageTitle; ?></h1>
	<p>
	<i>ISO 27005 defines vulnerability as: "A weakness of an asset
	or group of assets that can be exploited by one or more
	threats."</i>
	</p>

	<h2>The Ecipse Security Team</h2>
	<p>The Eclipse Security Team provides help and advice to Eclipse
	projects on security issues and is the first point of contact for
	handling security vulnerabilities. Members of the Security Team are
	committers on Eclipse projects and members of the Eclipse
	Architecture Council.</p>
	<p>
	Contact the <a href="mailto:security@eclipse.org">Eclipse Security
	Team</a>.
	</p>

	<h2>Reporting a Security Vulnerability</h2>
	<p>Vulnerabilities can be reported either via email to the Eclipse
	Security Team or directly with a project via Bugzilla.</p>
	<p>
	The general security mailing list address is <a
	href="mailto:security@eclipse.org">security@eclipse.org</a>. Members
	of the Eclipse Security Team will receive messages sent to this
	address. This address should be used only for reporting undisclosed
	Vulnerabilities; regular bug reports and questions unrelated to
	Vulnerabilities in Eclipse software will be ignored. Note that this
	email address is not encrypted.
	</p>
	<p>
	The community is also encouraged to report Vulnerabilities using the
	standard <a href="https://bugs.eclipse.org/bugs">Eclipse Bugzilla</a>
	instance. Bug reports related to Vulnerabilities must be marked as
	"committers-only", either by the reporter, or by a
	committer during the triage process. Note that bugs marked
	"committers-only" are visible to all Eclipse committers. By
	default, a "committers-only" bug is also accessible to the
	reporter and individuals explicitly indicated in the "cc" list.
	</p>

	<h2>Disclosure</h2>
	<p>
	Disclosure is initially limited to the reporter and all Eclipse
	Committers, but is expanded to include other individuals, and the
	general public. The timing and manner of disclosure is governed by
	the <a href="policy.php">Eclipse Security Policy</a>.
	</p>
	<p>
	Publicly disclosed bugs are listed on the <a href="known.php">Disclosed
	Vulnerabilities Page</a>.
	</p>
	</div>
	</div>

	<?php
	$html = ob_get_contents();
	ob_end_clean();

	$App->generatePage('Nova', $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);
	?>