security-bugs.rst - OpenGrok cross reference for /linux/Documentation/process/security-bugs.rst

Lines Matching full:security
3 Security bugs
6 Linux kernel developers take security very seriously.  As such, we'd
7 like to know when a security bug is found so that it can be fixed and
13 Like with any bug report, a security bug report requires a lot of analysis work
18 **any** security bug report:
39     is not a security bug.
50     "system freezes each time I run this command"), the security team will help
69 What qualifies as a security bug
78 It turns out that the majority of the bugs reported via the security team are
79 just regular bugs that have been improperly qualified as security bugs due to
85 The security list exists for urgent bugs that grant an attacker a capability
92 public**. While you may have valid reasons to believe it is not, the security
100 privately: the security team would rather triage a borderline report than miss
101 a real vulnerability.  Reporting ordinary bugs to the security list, however,
108 The most effective way to report a security bug is to send it directly to the
109 affected subsystem's maintainers and Cc: the Linux kernel security team.  Do
127 security officers use) is to rely on the get_maintainer.pl script, tuned to
166 the Linux kernel security team only.  Your message will be triaged, and you
173 A significant fraction of bug reports submitted to the security team are
213     a security bug. In any case, if a fix is proposed, it must adhere to
235 The security team and maintainers almost always require additional
239 patches). Before contacting the security team, the reporter must ensure
247 security team who will ensure the message is delivered to the proper
250 security team for your first few reports or when seeking specific help,
253 no longer necessary to Cc: the security list when sending to large teams.
254 The Linux kernel security team can be contacted by email at
255 <security@kernel.org>.  This is a private list of security officers
257 It is possible that the security team will bring in extra help from area
258 maintainers to understand and fix the security vulnerability.
269 security report. Note that some mailers tend to mangle formatting of plain
276 The security list is not a disclosure channel.  For that, see Coordination
299 information submitted to the security list and any followup discussions
306 While the kernel security team solely focuses on getting bugs fixed,
310 public "oss-security" mailing list, both of which are closely related
312 <https://oss-security.openwall.org/wiki/mailing-lists/distros>
316 security team and other teams is difficult since for the kernel security
322 As such, the kernel security team strongly recommends that as a reporter
323 of a potential security issue you DO NOT contact the "linux-distros"
331 Cc: the kernel security team.
336 The security team does not assign CVEs, nor do we require them for
345 The Linux kernel security team is not a formal body and therefore unable