incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <>
Subject OpenOffice Security Vulnerability Reporting
Date Thu, 07 Jul 2011 13:48:48 GMT
Bringing the threads together on the public list so we can (hopefully)
quickly discuss.

As I understand it now, the currently directs visitors
to report vulnerability reports to This
address is currently being monitored.

And at Apache we ask vulnerabilities to be reported to, after which they are forwarded to the particular
project's private email list where such matters can be analyzed in
confidence, avoiding premature disclosure.

Since the OpenOffice project is in the process of migrating to Apache,
a process which will take several months, it is important that
relevant information be shared, rapidly, confidentially and reliably.

I'd like to propose something simple, namely that relevant information
received by Apache should be quickly forwarded to, and that relevant information received by should be quickly forwarded to

Also, if has a list of other security
contacts with whom they routinely share pre-public disclosure security
information, we'd appreciate having that list, sent to our private



View raw message