Risk Assessments
The Risk is that which the GSVG considers arises when the EGEE/gLite middleware is deployed in the default configuration in the Grid environment. Normally, a bug fix is required either to EGEE middleware or to third party software to resolve this. The risk allows a target date for resolution to be set according to the risk, thus allowing the prioritization of the resolution of problems according to risk. If there is a departure from this basis, then it should be clearly stated. There may be a risk to a user, to sites deploying the software, to a VO, to the Grid infrastructure, or to other third parties.
Each issue is assessed by at least 3 members of the Risk Assessment Team (RAT). If it is considered valid, is put into 1 of 4 possible Risk Categories
Extremely Critical
Examples
- Root access with or without grid credentials
- Trivial compromise of core grid component
Actions
- OSCT and EMT alerted immediately
- Issue quick patch
Target date set to 2 working days
(Such cases expected to be very rare, if we ever get any)
High
Examples
- Remote exploit against Middleware component
- Identity theft or impersonation
- Grid Wide DoS
Target Date set to 3 weeks
Moderate
Examples
- Local DoS
- Potentially serious, but hard to exploit problem
Set Target Date to 3 months
Low
Set Target date to 6 months
For more details see the Vulnerability Process description.
| Back to issues page | GSVG home |
| Back to advisories page |
Last modified Tue 11 December 2007 . View page history
Switch to HTTPS . Website Help . Print View . Built with GridSite 1.4.3