Text/Safety Committee
Recently, the Dragon Lizard Community officially established the Dragon Lizard Community Security Alliance (OASA, OpenAnolis Security Alliance). The Dragon Lizard Community Security Alliance is a non-profit organization that promotes industrial cooperation. It is committed to creating a neutral and open communication platform focused on operating system information security, and to promoting the systematic construction of the security ecosystem of the Dragon Lizard community and of the industry as a whole.
The Dragon Lizard community has established a closed-loop, full-lifecycle security vulnerability management process that runs from vulnerability awareness and assessment through to vulnerability repair and disclosure. The community tracks and risk-assesses the latest security threats in a timely manner and develops complete vulnerability repair strategies. It also releases security updates based on the threat level to help Dragon Lizard users fix security vulnerabilities in a timely manner and comprehensively improve system security.
01 Vulnerability awareness
The community actively tracks the industry's well-known vulnerability libraries, security forums, mailing lists and security conferences, and cooperates with well-known third-party vulnerability intelligence services and other channels, so that vulnerability information related to the Linux operating system is picked up as early as possible. It also maintains a complete vulnerability library covering the entire Dragon Lizard product line, so that each security vulnerability is effectively recorded, tracked and closed out.
02 Vulnerability Assessment
The community builds on the industry-wide CVSS scoring framework and integrates the Dragon Lizard operating system's mature software package "hierarchical classification" theory to establish a risk-based security vulnerability management system that evaluates the threat risk and severity level of vulnerabilities across multiple dimensions. Based on the risk of a vulnerability being exploited in Dragon Lizard products in actual business environments, specific vulnerability repair strategies and response strategies are formulated.
03 Bug fix
The community's complete vulnerability repair and verification process, safe and trustworthy build system, and quality management system effectively ensure that security vulnerabilities are responded to and repaired within the scheduled service time.
04 Vulnerability disclosure
The community adheres to a principle of vulnerability repair and disclosure that is responsible to users. While complying with industry norms, policies and regulations, the community publishes ANSA through its official security portal, email subscriptions and other channels, promptly pushing vulnerability mitigation and repair plans and suggestions to users and the downstream ecosystem to help users repair vulnerabilities in a timely manner and reduce security risks. So far, the vulnerability information and security updates collected by the community are open to community developers and users across the entire network, and have formed community co-construction capabilities.
05 Dragon Lizard CNA
The community has successfully joined the CVE.org organization and become a CVE Numbering Authority (CNA). The community actively engages in security cooperation with partners, has discovered and reported multiple CVEs related to Linux systems, and has assigned numbers to related vulnerabilities. The community also welcomes enthusiasts, individuals and organizations working in the system security field to report security vulnerabilities through the Dragon Lizard community ([email protected]) to jointly maintain community security.
Related Links:
Dragon Lizard Safety Committee Home Page:
https://openanolis.cn/sig/security-committee
Dragon Lizard Safety Advisory (ANSA):
https://anas.openanolis.cn/errata
For more analysis of Dragon Lizard technical characteristics, please visit the "Dragon Lizard Characteristics Encyclopedia":
https://anolis.gitee.io/anolis_features/
2022 Panoramic White Paper of the Dragon Lizard Community (or obtain it by replying with the keyword "White Paper" on the public account [OpenAnolis Dragon Lizard]):
https://openanolis.cn/openanoliswhitepaper