en:vulnerability_report

Vulnerability reporting

The CESNET Association dedicates considerable efforts to ensuring the security and condition of the CESNET e-infrastructure and the services provided. Accordingly, the condition of the e-infrastructure and the services provided is being regularly and systematically reviewed in order to identify and remove any vulnerable and compromised devices. The risk of potential attacks is regularly assessed. The outcome of these activities is reflected in the operation, security, incident solving and development of services. Security is perceived as a dynamic process consisting of continuous assessment of the current status, development, enhancement, correction and prevention of undesirable events. The key here is the promptness of the response to identified issues and weaknesses. A great emphasis is put on joint action in national and international security platforms and communication and information sharing with security experts.

We also appreciate any reports on security incidents and vulnerabilities related to our systems and services. Each such report is taken care of and verified; remedial action is taken as soon as possible.

Vulnerability reporting rules:

  • Please submit any vulnerability discovered by e-mailing the report to certs@cesnet.cz. Please encrypt the e-mail using our PGP key if possible. If you cannot use email please contact any member of the CESNET-CERTS team through the CESNET Service Desk.
  • Any report should include the following information:
    • your name and contact information;
    • your PGP key to encrypt the reply;
    • description of the vulnerability found including detailed instructions about how to reproduce the issue.

When searching and testing vulnerabilities, please refrain from disrupting the privacy, damaging the stored data or impairing any services provided.

All reports sent to certs@cesnet.cz will be processed by a member of the CESNET-CERTS team in compliance with the internal alert processing procedures while respecting the content of the alert and the sender. Our response to your alert may take up to three working days from the date the alert had been sent.

Poslední úprava:: 04.05.2018 15:25