  1. Qt Project Website
  2. QTWEBSITE-860 Security Policy Renewal
  3. QTWEBSITE-863

Identify and document established security processes


    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Not Evaluated
    • Resolution: Done
    • Component/s: qt-project.org
    • Labels: None
    • Technical Risk: Normal
    • Commits: 9ae3fa87202ef657f907276465c90c195bf07a81

      Description

      The following processes are currently in place, and should be documented as part of the security policy, as long as the project commits to continuing with their regular execution.

      • regular updating of 3rd party modules in LTS patch and new feature releases
      • documentation about which 3rd party module versions are included in a Qt release
      • audits through independent security auditors, including fuzzing, code review, and static code analysis

      Other processes could include risk assessments and threat analysis, as well as penetration testing.

      For each process documented in the policy, an owner (or alternatively, a link to another process, such as the release process) needs to be identified and documented.


            People

            Assignee: vhilshei Volker Hilsheimer
            Reporter: vhilshei Volker Hilsheimer