From 0fce19c068fbcfb4d35ee8eaf15bad1718d91dbc Mon Sep 17 00:00:00 2001 From: Marta Rybczynska Date: Fri, 30 May 2025 14:40:08 +0200 Subject: [PATCH] inventory.md: Add Eclipse Foundation resources Add Eclipse Foundation resources for vulnerability management, and security practices. Signed-off-by: Marta Rybczynska --- inventory.md | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/inventory.md b/inventory.md index a3f1495..f52eee8 100644 --- a/inventory.md +++ b/inventory.md @@ -379,7 +379,45 @@ This section contains references which are relevant to: * **Type:** policy * **Publication date:** current - + +### Eclipse Foundation + +* [Eclipse Foundation Security Policy](https://www.eclipse.org/security/policy/) - The Eclipse Foundation Security Policy describes the general principles under which the Eclipse Foundation manages the reporting, management, discussion, and disclosure of Vulnerabilities discovered in Eclipse software. The policy applies to all Eclipse Foundation projects. +
+ More info + + * **Title:** Eclipse Foundation Security Policy + * **URL:** https://www.eclipse.org/security/policy/ + * **Publisher:** Eclipse Foundation + * **License:** Eclipse Public License v2.0 + * **Type:** policy + * **Publication date:** 2024, current +
+ +* [Managing and Reporting Vulnerabilities from the Eclipse Foundation Handbook](https://www.eclipse.org/projects/handbook/#vulnerability) - The Eclipse Foundation Handbook provides guidelines on processes related to the life cycle of projects under the Eclipse Foundation. The chapter on managing and reporting vulnerabilities describes details, and gives implementation options, of the process described in the [Eclipse Foundation Security Policy](https://www.eclipse.org/security/policy/). +
+ More info + + * **Title:** Eclipse Foundation Handbook: Managing and Reporting Vulnerabilities + * **URL:** https://www.eclipse.org/projects/handbook/#vulnerability + * **Publisher:** Eclipse Foundation + * **License:** Eclipse Public License v2.0 + * **Type:** practice + * **Publication date:** current +
+ +* [The Eclipse Security Handbook](https://eclipse-csi.github.io/security-handbook/) - The Eclipse Security handbook provides guidelines on securing developer's account, advanced topics in vulnerability management (like embargoes and security advisories), or SBOM (Software Bill of Materials). +
+ More info + + * **Title:** Eclipse Security Handbook + * **URL:** https://eclipse-csi.github.io/security-handbook/ + * **Publisher:** Eclipse Foundation + * **License:** Eclipse Public License v2.0 + * **Type:** practice + * **Publication date:** current +
+ #### OpenStack Foundation * [OpenStack Vulnerability Management Process](https://security.openstack.org/vmt-process.html) - The OpenStack VMT Process describes how OpenStack manages security vulnerabilities through coordinated disclosure. It outlines the responsibilities of the independent VMT, including prompt vulnerability resolution, limiting early information exposure, and structured handling from initial report receipt to embargoed disclosure. The process involves confidential reporting channels, internal patch review, drafting impact descriptions, and brief embargo periods. Each issue receives dedicated coordination, including CVE assignment and release scheduling. The documented practices align with industry standards for coordinated vulnerability disclosure and multi-party incident handling.
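Review bot: The new `+### Eclipse Foundation` heading is one level higher than the sibling `#### OpenStack Foundation` heading that immediately follows it in the same section, so the Eclipse entry would render as a parent of the OpenStack entry instead of a peer; change it to `#### Eclipse Foundation`. Two smaller points in the same hunk: the Eclipse Security Handbook description reads "securing developer's account ... or SBOM", which should be "securing developers' accounts ... and SBOM" (and "Security handbook" should be capitalized consistently with the entry title), and the policy entry's `**Publication date:** 2024, current` mixes two conventions where the other entries use a single value such as `current`. The commit message also has "resources or vulnebility management" for "resources for vulnerability management". Finally, all three entries list `Eclipse Public License v2.0` as the license; that is plausible for project source but worth confirming for these three web pages before merging.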