Details
-
Task
-
Resolution: Unresolved
-
Critical
-
None
-
None
-
None
Description
There is currently a blocker on the product security side and how we present CVE information to customers preventing the implementation of the desired one tracker for each vulnerability found in a given flavour of fuse.
Without the ability to break down the trackers into each flavour of fuse (via a PSComponent) we are unable to claim a fix as all instances (flavours), this is not possible with the proposed patching tool.
DoD
- A proposed workflow for ProdSec MW/AS
- The ability to create a product security tracker specifically for a flavour of fuse (Karaf or Spring Boot initially)
- The ability for an RHSA to mark that flavour fixed upon posting metadata
Attachments
1.
|
Discuss CVE page changes with PS Devops |
|
Closed | 
|
Unassigned |