Differences

This shows you the differences between two versions of the page.

--- mantisbt:handling_security_problems [2017/03/10 07:26] – [Obtaining a CVE ID] New process to request CVE via MITRE's form dregad
+++ mantisbt:handling_security_problems [2021/07/14 12:08] (current) – Must be logged in with mantisbt.org account dregad
@@ Line 10: / Line 10: @@
 If you discover a security issue or what you think could be one, please
-[[http://www.mantisbt.org/bugs/bug_report_page.php?category_id=36&view_state=50|Open a new issue]]
+[[https://mantisbt.org/bugs/bug_report_page.php?category_id=36&view_state=50|Open a new issue]]
+((You must be logged-in with your mantisbt.org account to use this link))
 in our bug tracker following the guidelines below.
@@ Line 96: / Line 97: @@
 [[http://thread.gmane.org/gmane.comp.security.oss.general/9876|4]].
+==== Reference the CVE ID ====
+Once the CVE ID has been assigned, it must be referenced in MantisBT, and used in every communication related to the security issue.
+  * MantisBT's issue tracker (**Mandatory**): prefix the issue's summary with ''CVE-YYYY-XXXX - ''
+  * in commit messages
+  * on GitHub pull requests
+  * in mailing lists discussions
+  * in announcements (e.g. release notes, blog post, twitter...)
+  * etc