This document outlines the steps of the Openmined Security Subcommittee towards a defined security process that helps developers build more secure software while addressing security compliance requirements. It presents the key ideas of the security process and outlines which documents need to be created. After the process is implemented and all supporting documents are created, this document is a top-level overview and entry point.
| Version | Supported |
|---|---|
| 0.4.0 | ✅ |
| 0.2.x | ❌ |
Vulnerabilities to the Openmined project may be reported via email to the vulnerabilities@openmined.org mailing list. These reports will be acknowledged and analyzed by the security response team within 2 weeks. Each vulnerability will be entered into the Openmined Project security tracking system on Github or on JIRA. The original submitter will be granted permission to view the issues that they have reported.