On Thursday 01 December 2011, Daniel-Constantin Mierla wrote:
> [..]
> > Anyone objecting to implementing a process for handling security
> > incidents?
>
> I have no objection in this regard, any contribution/managing process
> that will make usage of the project easier/more attractive for various
> people is welcome. The question will be who will take the work (e.g.,
> reviewing, categorization, announcements to devels and community, ...).
> Personally, I try not to make a difference between bugs, but just try to
> solve asap, with priority on how common use case is the situation rising
> the bug.
>
> Another question is categorizing 'security bugs' - in my understanding I
> consider such bugs when one can gain access to server or
> steal/compromise data from/on the server. Chasing situations are not in
> this category (IMO).

Hi Daniel,

IMHO also certain denial of service attacks belong to the "security bug" class. If somebody can easily bring my service down because of e.g. a crash during the processing of misformatted (network) input then the availability of the service can be easily compromised.

Best regards,

Henning

_______________________________________________
sr-dev mailing list
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
