[birt-dev] How to handle reporting of a security bug?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[birt-dev] How to handle reporting of a security bug?

From: Jeff Beard-Shouse <jbeardshouse@xxxxxxxxxxxxxx>
Date: Thu, 3 Feb 2011 11:48:13 -0600
Delivered-to: birt-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/birt-dev>
List-help: <mailto:birt-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/birt-dev>, <mailto:birt-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/birt-dev>, <mailto:birt-dev-request@eclipse.org?subject=unsubscribe>

I am a security researcher with Security PS. I have found a vulnerability in the Birt software package and would like to report it. I did find this post detailing the presence of a special security check box on the bug report submission form. I however did not see it when I went to fill in the bug report form. I am wondering if that check box only appears for committers?
My main question is what is the best way to disclose a security vulnerability to this project? As I want to do so in the most responsible way possible.

--
Jeff Beard-Shouse | Security Consultant | Security PS
[office - 913.888.2111 x6147 | mobile - 785-813-1337 | fax - 913.888.2120]
www.securityps.com

Prev by Date: [birt-dev] New Eclipse BIRT Milestone Build Available for Download
Next by Date: [birt-dev] Closing the Loop - Changing BIRT Indigo Release to 3.7
Previous by thread: [birt-dev] Please check out stable build <20110130-1818> and response if it can be released as BIRT 4.0M5 Milestone Build
Next by thread: [birt-dev] Closing the Loop - Changing BIRT Indigo Release to 3.7
Index(es):
- Date
- Thread

Breadcrumbs