A software vulnerability is a weakness in software that could allow unintended actions to be carried out. These may include the use of resources, access to data, or the destruction or encryption of data (e.g. ransomware). A vulnerability in software installed on a service may lead to a security incident.

If you find a vulnerability in software:

DO NOT discuss on a mailing list – especially one with an open subscription policy or public archive

DO NOT post information on a web page

DO NOT publicise in any way

IMMEDIATELY report it to report-vulnerability (at) egi.eu.

Software vulnerabilities may additionally be reported to the software provider if their details are available.

If you become aware of a vulnerability in software which is used by EGI or EOSC-hub services, you should also report it to report-vulnerability (at) egi.eu. It is particularly important that those who select software to enable services keep an eye out for announcements of vulnerabilities in the software they select, and report them, in order to help other service providers using this software ensure that their services are as free from vulnerabilities as possible.