Differences

This shows you the differences between two versions of the page.

--- mantisbt:handling_security_problems [2017/03/10 07:26]
dregad [Obtaining a CVE ID] New process to request CVE via MITRE's form
+++ mantisbt:handling_security_problems [2017/03/10 07:34] (current)
dregad Add "Reference the CVE" section
@@ Line 96: / Line 96: @@
 [[http://thread.gmane.org/gmane.comp.security.oss.general/9876|4]].
+==== Reference the CVE ID ====
+Once the CVE ID has been assigned, it must be referenced in MantisBT, and used in every communication related to the security issue.
+  * MantisBT's issue tracker (**Mandatory**): prefix the issue's summary with ''CVE-YYYY-XXXX - ''
+  * in commit messages
+  * on GitHub pull requests
+  * in mailing lists discussions
+  * in announcements (e.g. release notes, blog post, twitter...)
+  * etc

Wiki