A software vulnerability is a weakness in software which could allow actions to be carried out which are not intended. This may be the usage of resources, access to data, destruction or encryption of data (e.g. ransomware). A software vulnerability in software installed on a service may lead to a security incident.
If you find a software vulnerability in software:
DO NOT discuss on a mailing list – especially one with an open subscription policy or public archive
DO NOT post information on a web page
DO NOT publicise in any way
IMMEDIATELY report it to report-vulnerability (at) egi.eu.
Software vulnerabilities may additionally be reported to the software provider if their details are available.
If you become aware of a vulnerability in software which is used by EGI or EOSC-hub services, you should also report it to report-vulnerability (at) egi.eu. It is particularly important that those who select software to enable services keep an eye out for announcements of software vulnerabilities in the software they select, and report them, in order help other service providers using this software ensure that their services are as free from vulnerabilities as possible.