CINXE.COM

CERN Computer Security Information

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="/style.css" type="text/css" /> <script type="text/javascript" src="/jquery.min.js"></script> <title>CERN Computer Security Information</title> <script type="text/javascript"> $(document).ready(function(){ // Menu highlight var path = location.pathname.split("/"); if ( path ) { $('#main_menu a[href*="' + path[1] + '"][class!="noselect"]').addClass('selected'); // path[3] = /security/<xxxxx>/ $('#sidebar ul.sidemenu li[class!="noselect"]:has(a[href$="' + path.reverse()[0] + '"])').addClass('selected'); } // Add icon to external links $('a[id!=logo-img]').filter(function() { return this.hostname && this.hostname !== location.hostname;   }).after(' <img src="/images/external_link.png" alt="external link" title="external link"/>'); }); </script> </head> <body> <div id="wrap"> <div id="top-bg"></div> <!--header --> <div id="header"> <div id="logo-text"> <a id="logo-img" href="https://home.cern/"><img src="/images/CERNLogo2.png" width="59" height="59" style="margin: 10px" alt="CERN Logo"/></a><div id="logo-text-big"><a href="/home/en/index.shtml" title="">CERN Computer Security</a></div> </div> <div id="header-logo"><a href="/services/en/emergency.shtml"><img width=335 src="/images/emergency.png" alt="Computer Emergencies"/></a></div> </div> <!--header ends--> <div id="header-photo"></div> <!-- navigation starts--> <div id="nav"> <ul id="main_menu"> <li><a class="noselect" href="/home/fr/index.shtml"><img src="/images/fr.png" alt="FR"/></a></li> <li><a href="/home/en/index.shtml">Home</a></li> <li><a href="/rules/en/index.shtml">Computing Rules</a></li> <li><a href="/recommendations/en/index.shtml">Recommendations</a></li> <li><a href="/training/en/index.shtml">Training</a></li> <li><a href="/services/en/index.shtml">Services</a></li> <li><a class="secured" href="/reports/en/index.shtml">Reports &amp; Presentations</a></li> </ul> </div> <!-- navigation ends--> <!-- content-wrap starts --> <div id="content-wrap"> <div id="main"> <h4>Coordinated Vulnerability Disclosure (CVD)</h4> <p>CERN follows a standard process for coordinated vulnerability disclosure:</p> <ol> <li><b>Report</b> your findings to us via our <a href="csirt.shtml">CSIRT</a>. Please note that we appreciate qualified reports and usually ignore outputs of automatic scans; <li>The CERN CSIRT will <b>assess</b> in how far your finding is relevant, exploitable and, hence, critical. Within a few working days they will <b>acknowledge</b> your finding with their verdict. Sometime they would need to iterate with you towards the essence of your finding; <li>If relevant, they will <b>coordinate</b> with the corresponding service managers to <b>mitigate</b> or fix your vulnerability; <li>Once done, they will <b>confirm</b> to you all actions taken. This should usually take just a few days, less than a few weeks at maximum; <li>From that moment on it is up to you to go for <b>public disclosure</b>, create a CVE, or... The CERN CSIRT is happy to review your report for factual correctness. </ol> <p>However, please note that CERN is a tax-payer sponsored organization and, thus, we cannot provide any financial compensation. We are nevertheless happy to include you in our <a href="kudos.shtml">kudos</a> page for findings with a confirmed security impact to our organization.</p> </div> <!-- main ends --> <!-- SIDEBAR --> <!-- sidebar menu starts --> <div id="sidebar"> <ul class="sidemenu"> <li class="noselect"><b><a href="/home/fr/index.shtml"><img src="/images/fr.png"/> Vous pr&eacute;f&eacute;rez le fran&ccedil;ais ?</a></b></li> </ul> <h3>Emergency Response</h3> <ul class="sidemenu"> <li><a href="/services/en/emergency.shtml">What to do in an emergency</a> </ul> <h3>Contact</h3> <ul class="sidemenu"> <li><a href="/home/en/csirt.shtml">How to contact the Computer Security Team</a> <li><a href="/home/en/cvd.shtml">Coordinated Vulnerability Disclosure</a> <li><a href="/home/en/CERN/liaisons.shtml">Departmental & experiment liaisons <img src="/images/bullet_lock.png" alt="CERN login required"/></a> </ul> <h3>About CERN Computer Security</h3> <ul class="sidemenu"> <li><a href="/advisories/advisories.shtml">Advisories</a></li> <li><a href="/home/en/data_sharing.shtml">Data Sharing Guidelines</a></li> <li><a href="/home/en/about.shtml">Security is not complete without you</a></li> <li><a href="/home/en/privacy_statement.shtml">Privacy Statement</a></li> <li><a href="/home/en/kudos.shtml">Kudos!</a></li> </ul> </div> <!-- sidebar menu ends --> <!-- content-wrap ends--> </div> <!-- footer starts --> <div id="footer-wrap"> <div id="footer-bottom"> &copy; Copyright 2024<strong> <a href="https://cern.ch/security">CERN Computer Security Office</a></strong> <table> <tr> <td id="footer-info-left"> e-mail: <a href="mailto:Computer.Security@cern.ch">Computer.Security@cern.ch</a><br/> Please use the following PGP key to encrypt your messages:<br/> ID: 0x954CE234B4C6ED84<br/> <a href="https://keys.openpgp.org/vks/v1/by-fingerprint/429D60460EBE8006B04CDF02954CE234B4C6ED84">429D 6046 0EBE 8006 B04C DF02 954C E234 B4C6 ED84</a> </td> <td id="footer-info-right"> Phone: +41 22 767 0500<br/> Please listen to the recorded instructions. </td> </tr> </table> </div> </div> <!-- footer ends--> </div> <!-- wrap ends here --> <!--img height=30px src="/home/en/CERNfooter_800.png"--> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10