Introduction
Documentation Home What is OpenMAMA? Supported Platforms Versioning
Tutorials
1. Quick Start 2. Using MAMA Resource Pool
User Guides
Installing OpenMAMA OpenMAMA Developer's Guide OpenMAMDA Developer's Guide API Reference Docs Portable Demo Environment IDE Integration Running Example Apps Qpid Bridge Raising Issues Performance Testing Vulnerability Reporting
Contributor Guides
Contributing to Documentation Third Party Repository Building From Source Bridge Building Documentation Bridge Developer FAQ Bridge Incorporation Guidelines Coding Standards Dynamic Bridge Loading Long Lived Feature Branches Release Process Submission Process Unit Testing
RFC Documents
Open Closed Process Template

Vulnerability Reporting

Occasionally a vulnerability may be found in the OpenMAMA repository or in its dependent projects.

In the event that a major vulnerability is found:

  • An issue will be raised against the OpenMAMA project
  • There will be a mail sent to the mailing list announcing the vulnerability. The mail may also include:
    • Potential impact to users and applications
    • Reference to the OpenMAMA issue raised
    • Any CVEs related to the issue
    • Any workarounds or remedial action which may be taken
  • When necessary, a Pull Request will be raised referencing the OpenMAMA issue which reported the original vulnerability.
  • The mailing list will be advised if necessary when a new OpenMAMA release containing a fix for the vulnerability is made available.

Reporting a Vulnerability

If you think you have found a vulnerability in OpenMAMA or its dependent projects, please report it immediately by raising an issue against the OpenMAMA project. Please include where possible:

  • Details of the vulnerability
  • Languages / technologies used
  • A test harness demonstrating the vulnerability in action
  • Theoretical impact to OpenMAMA users and applications
  • Any related CVE links to the issue
  • Any potential workarounds or ways to avoid the vulnerability within applications