Re: clarification on "security" & "security-services" labels in EdgeX-Go project.
toggle quoted messageShow quoted text
+1; security is too vague and is liable to return us to the same issue. security_audit or break it up even more (security_cve, security_patch, etc.)
+1 to Trevor’s suggestion for differentiating the labels. “security_audit” is more descriptive.
Maybe “security” should be “security_audit” then?
It was brought out and discussed during our weekly security working group meeting last week that how we define and use ”security” and “security-services” label when evaluating the incoming issues. For clarification here is the basic idea
when we apply the labels:
- When the issue is related to general security topics, such as CVE vulnerabilities, security patches etc., we will label the issue as “security”
- When the issue is related to the security components in EdgeX such as security-secrete-setup/security-proxy-setup etc., we will able the issue as “security-services”.
Hope it help.
Join EdgeX-TSC-Security@lists.edgexfoundry.org to automatically receive all group messages.