English | 简体中文
The Security Issue Response Team (referred to as "Team" hereinafter) is set up to ensure timely response to and handling of security issues.
External vulnerability awareness.
Measures such as proactive vulnerability crawling and vulnerability monitoring are taken to detect security issues in a timely manner.
Assist in fixing vulnerabilities.
Ensure that known vulnerabilities are fixed in a timely manner, to protect users' systems against attacks.
Handle security issues.
Respond to security issues reported, track the issue handling progress, and disclose security issues in the community regularly.
Participate in code review.
Discover vulnerabilities in code through code review.
Review the bonus given or withdrawn based on the Bug Bounty Program.
Update the vulnerability review records and the list of Acknowledgment.
The Team consists of people from OpenHarmony A category donors who have extensive experience in related fields and are willing to work on security issues in the OpenHarmony community. Currently, the team members include:
The Team has a team leader and a deputy team leader, they are elected by team members for a two-year term and can be re-elected for more terms. The team members serve a two-year term and can be re-elected for more terms. New members are approved by existing members via an ordinary resolution. Dismissal of existing members is approved by a special resolution.
The team leader is responsible for the daily work of the Team. Members shall comply with this work charter and regulations of the OpenHarmony project and diligently fulfill their duties.
The Team has the right to recall members who violate the regulations.
A quorum of more than half of the team members is required to attend the meeting. An ordinary resolution shall be approved by more than half of the attendees. A special resolution shall be approved by at least two thirds of all attendees.
A meeting can be held only when a majority of team members can attend the meeting. The team leader, deputy team leader, or more than three members can initiate a meeting based on work requirements.
A special resolution is required for the following issues:
Contact the Team using the following contact information:
Description | How to Use | |
---|---|---|
scy@openharmony.io | Email address for receiving security issues | Any developer can send OpenHarmony security issues to this email address. Please encrypt your email using the public key. |
scy-priv@openharmony.io | A mailing list for discussing security issues | The Team members can subscribe to this mailing list to discuss security issues. |
security@openharmony.io | A mailing list for receiving security bulletins | Any developer can obtain the latest security bulletins by subscribing to this mailing list. |
You are welcome to report any potential security issue in the OpenHarmony community. For details, refer to OpenHarmony Bug Bounty Program.
The Team will assign specialists to track and handle security vulnerabilities. For more information, see OpenHarmony Security Vulnerability Governance.
For details about the disclosed security vulnerabilities in the OpenHarmony community, see Security Bulletins.
This list is used to provide security-related actionable information for OpenHarmony distributors. For details, see Private Distributors List.
Learn more about OpenHarmony and how to take part in security activities at OpenHarmony.
Learn about the individuals and teams that have contributed to the security of the OpenHarmony community at Acknowledgment.
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。