Security
This section describes security practices and procedures for the Dataverse team.
Intake of Security Issues
As described under Reporting Security Issues, we encourage the community to email security@dataverse.org if they have any security concerns. These emails go into our private ticket tracker (RT).
We use a private GitHub issue tracker at https://github.com/IQSS/dataverse-security/issues for security issues.
Sending Security Notices
When drafting the security notice, it might be helpful to look at previous examples.
Gather email addresses from the following sources (these are also described under Ongoing Security of Your Installation in the Installation Guide):
“contact_email” in the public installation spreadsheet
“Other Security Contacts” in the private installation spreadsheet
Once you have the emails, include them as bcc.