Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[tinydtls-dev] Vulnerability report against Eclipse TinyDTLS

Greetings Eclipse TinyDTLS committers.

There is an open vulnerability report registered against the project code. Note that the issue is currently marked confidential and so is only accessible by committers.

I need project committers to have a look at the report and determine if it correctly identifies a vulnerability. If yes, then you need to determine when the correct time is to assign a CVE and disclose the vulnerability. The Eclipse Foundation's practices regarding mitigation of vulnerabilities is captured in the handbook.

Thanks for your attention in this matter.


Wayne Beaton

Director of Open Source Projects | Eclipse Foundation

Back to the top