This site reported on December 16 that, according to the Open Atom public account, the open source vulnerability sharing platform and security reward program were officially released at the opening ceremony of the 2023 Open Atom Developer Conference.
Feng Guanlin, Secretary General of the Open Atom Open Source Foundation, Ren Xudong, Vice Chairman of the Open Source Security Committee, Lu Levin, Chairman of the Open Source Vulnerability Information Sharing Project Working Committee, and representatives from Alibaba Cloud, Baidu, the Fifth Institute of Electronics of the Ministry of Industry and Information Technology, Huawei, JD Technology, Ant Group, Qi Anxin, Tsinghua University, Sangfor, Tencent, Tongxin Software, Zhejiang University, the Institute of Software of the Chinese Academy of Sciences and other organizations jointly released them.
It is understood that the open source vulnerability sharing platform focuses on vulnerability disposal for open source projects incubated by the foundation and for the upstream projects they rely on. Through multi-party participation and full-cycle coverage, it focuses on 0day vulnerability management in the field of open source software and promotes efficient disposal. It covers the full life cycle of open source software vulnerability handling (collection, verification, evaluation, reporting, repair and release) and provides the tools, resources and environment needed for vulnerability repair, in order to comprehensively improve the ability to discover and repair 0day vulnerabilities in domestic open source software.
To encourage developers and researchers of open source projects and the upstream projects they depend on to actively participate in identifying security vulnerabilities, the Foundation has launched a security reward program. The program lets developers and researchers submit the security vulnerabilities they discover through an open call. A vulnerability that qualifies under the four rating criteria (severe, high risk, medium risk, and low risk) of the CVSS vulnerability scoring method is deemed a valid vulnerability and rewarded. Developers and security researchers can submit vulnerabilities through the Open Atom Open Source Foundation open source vulnerability sharing platform, or they can encrypt the vulnerability information with the PGP public key of the Open Atom Open Source Foundation Open Source Security Center email and send it to the Open Source Security Center email; you then need to register on the platform and complete real-name identity authentication.