Eclipse Foundation Security Training - How We Manage Vulnerability Reports

Learn the comprehensive vulnerability management process used by the Eclipse Foundation in this 27-minute security training session. Discover the step-by-step procedures for reporting security vulnerabilities, understand how the security team collaborates with project maintainers, and explore the tools utilized across GitHub and GitLab platforms. Master private issue management and disclosure best practices, including the use of GitHub Private Advisories for reporting and maintaining visibility. Examine how the foundation handles end-of-life versions and unsupported releases, while understanding the support mechanisms provided by the security team to projects. Gain insights into CVSS scoring methodologies and severity determination processes, including the distinction between business impact and technical scores. Participate in interactive quizzes and live Q&A sessions to reinforce your understanding of vulnerability coordination practices. Access practical knowledge about mailing lists, process improvements, and available resources to enhance your security management capabilities within the Eclipse ecosystem.