Greenbone takes the security of our software components, products and services very seriously. Whilst we are comfortable with the idea of full disclosure and operate a public github and a public community forum through which the public at large can communicate with developers regarding any concerns relating to the software modules, we ask to follow the concept of responsible and co-ordinated disclosure if you found a security issue of any kind.
Security Response Team
You found a security issue in one of our software modules, products or services?
We want to fix it! Please inform our
Vulnerability handling process
A summary of the vulnerability handling process is:
- The reporter reports the vulnerability privately to Greenbone Security Response Team.
- The security response team in cooperation with the respective developers works privately with the reporter to resolve the vulnerability.
- A new release of the the software component concerned is made that includes the fix.
- The vulnerability is publicly announced.
History
The security response contacts for the Source Edition OpenVAS and for Greenbone products were kept separate until September 2018. From then on, the Greenbone Security Response Team is the official contact for the Source Edition as well. This meant no practical change because the Greenbone Security Response team handled any incoming message since many years already.
The old Source Edition security advisories were named OVSA and there were 6 in total: