[eclipse.org-committers] Announcement: Per-Project Security Teams

Dear all,

In response to requests from various projects and after discussions between the Eclipse Foundation Security Team and the Architecture Council, we are pleased to announce the creation of Project Security Teams.

Project Security Teams allow projects to explicitly designate individuals responsible for handling vulnerability reports. Project Leads can define membership in PMI.

This initiative represents a significant step forward in enhancing visibility and communication around security issues within the Eclipse Foundation community.

If all Committers in your project are involved in addressing security issues, nothing will change for you. All Committers will automatically be considered part of your Project Security Team, and no further action is required on your part.

However, if your project has a more complex structure with only a limited number of individuals managing vulnerability reports, Project Leads can establish a dedicated Project Security Team. 

Additionally, please be aware that in early September, all members of Project Security Teams for projects hosted on GitHub (in an organization other than https://github.com/eclipse) will be granted the Security Manager role. If your project does not make any changes in PMI by then, and in line with the default setting where the Project Security Team equals all Committers, all Committers will be granted the Security Manager role in their respective organization on GitHub.

The Foundation's policy of openness remains unchanged: all security issues will continue to be eventually disclosed, and the Eclipse Foundation Security Team will ensure that this practice continues.

For detailed information on the introduction of Project Security Teams, including the specific permissions granted to members, please refer to the updated Handbook.

Feel free to discuss, comment, or ask questions about this new feature on the following discussion: https://github.com/orgs/eclipse-csi/discussions/4

Best,

Mikaël Barbero 
Head of Security | Eclipse Foundation
Eclipse Foundation: The Community for Open Innovation and Collaboration

