From 7e429463f527ab80d17ddf8c6c3418de7b5fc11e Mon Sep 17 00:00:00 2001 From: Vicky Risk Date: Wed, 14 Aug 2024 14:34:09 +0000 Subject: [PATCH] Update Internal_use_only-CVE.md checklist changing some tasks and responsibilities reflecting the new ASN process with RT vs SF --- .gitlab/issue_templates/Internal_use_only-CVE.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.gitlab/issue_templates/Internal_use_only-CVE.md b/.gitlab/issue_templates/Internal_use_only-CVE.md index a30774cf71..81e8f284e2 100644 --- a/.gitlab/issue_templates/Internal_use_only-CVE.md +++ b/.gitlab/issue_templates/Internal_use_only-CVE.md @@ -34,8 +34,8 @@ confidential! - [ ] [:link:][step_versions_affected] **(SwEng)** Determine the range of product versions affected (including the Subscription Edition) - [ ] [:link:][step_workarounds] **(SwEng)** Determine whether workarounds for the problem exist - [ ] [:link:][step_coordinate] **(SwEng)** If necessary, coordinate with other parties - - [ ] [:link:][step_earliest_prepare] **(Support)** Prepare "earliest" notification text and hand it off to Marketing - - [ ] [:link:][step_earliest_send] **(Marketing)** Update "earliest" notification document in SF portal and send bulk email to earliest customers + - [ ] [:link:][step_earliest_prepare] **(Support)** Prepare "earliest" notification text + - [ ] [:link:][step_earliest_send] **(Support)** Update "earliest" notification ticket in support portal and notify earliest customers - [ ] [:link:][step_advisory_mr] **(Support)** Create a merge request for the Security Advisory and include all readily available information in it - [ ] [:link:][step_reproducer_mr] **(SwEng)** Prepare a private merge request containing a system test reproducing the problem - [ ] [:link:][step_notify_support] **(SwEng)** Notify Support when a reproducer is ready 
@@ -52,11 +52,13 @@ confidential! ### At T-5 - - [ ] [:link:][step_asn_documents] **(Marketing)** Update the text on the T-5 (from the Printing Press project) and "earliest" ASN documents in the SF portal - - [ ] [:link:][step_asn_links] **(Marketing)** (BIND 9 only) Update the BIND -S information document in SF with download links to the new versions - - [ ] [:link:][step_asn_send] **(Marketing)** Bulk email eligible customers to check the SF portal + - [ ] [:link:][step_asn_links] **(Marketing)** (BIND 9 only) Update the BIND -S information document in the support portal with download links to the new versions + - [ ] [:link:][step_asn_send] **(Support)** Notify eligible customers with the text of the advisory (earliest, and T-5) - [ ] [:link:][step_preannouncement] **(Marketing)** (BIND 9 only) Send a pre-announcement email to the *bind-announce* mailing list to alert users that the upcoming release will include security fixes +### At T-3 + - [ ] [:link:][step_asn_send] **(Support)** Notify eligible customers with the text of the advisory (T-3) + ### At T-1 - [ ] [:link:][step_packager_emails] **(First IM)** Send notifications to OS packagers @@ -71,8 +73,8 @@ confidential! - [ ] [:link:][step_mitre] **(First IM)** Advise MITRE about the disclosed CVEs - [ ] [:link:][step_merge_advisory] **(First IM)** Merge the Security Advisory merge request - [ ] [:link:][step_embargo_end] **(IM)** Inform original reporter (if external) that the security disclosure process is complete - - [ ] [:link:][step_asn_clear] **(Marketing)** Update the SF portal to clear the ASN - - [ ] [:link:][step_customers] **(Marketing)** Email ASN recipients that the embargo is lifted + - [ ] [:link:][step_asn_clear] **(Support)** Update the support portal to clear the ASN + - [ ] [:link:][step_customers] **(Marketing)** Email support customers that the release is published ### After Public Disclosure
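Review bot: In the first hunk (@@ -34,8 +34,8 @@), the rewritten `step_earliest_send` item says "notify earliest customers" without naming the channel, where the old text said "send bulk email". This is an embargoed notification, so state the mechanism explicitly in the item rather than leaving it to whoever is on duty. The `[step_earliest_prepare]` and `[step_earliest_send]` link references are unchanged although the owner moved from Marketing to Support, so check that the linked step descriptions no longer refer to the SF portal or to the hand-off to Marketing.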
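Review bot: In the second hunk (@@ -52,11 +52,13 @@), the new "At T-3" item reuses the `[step_asn_send]` link reference that the T-5 item already uses, so both checkboxes point to the same step description; give the T-3 item its own reference or make sure the linked text covers both dates. The hunk also removes the `step_asn_documents` item without a replacement, so nothing in the T-5 section now says who prepares or updates the T-5 text (previously taken from the Printing Press project) before Support sends it. The parenthetical "(earliest, and T-5)" is ambiguous about whether it names recipient groups or the texts to send and should be reworded.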
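Review bot: In the last hunk (@@ -71,8 +73,8 @@), the `step_customers` item changes both the audience ("ASN recipients" to "support customers") and the message ("the embargo is lifted" to "the release is published"), so no item now tells the recipients of the advance notification that the embargo has ended. If that is intended, say so in the commit message; otherwise keep the embargo wording in this item or add it to the `step_asn_clear` item that Support now owns.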