...
This includes vulnerabilities, malicious indicators and exposed or compromised credentials ;
. Whenever possible the eduGAIN Security Team will notify entities when information about exposed credentials surfaces. Although the origin of the compromise or its context may not be known, the available data is made available to the possibly affected entity, so that they can make their own determination.
...
- Strictly abiding to the Traffic Light Protocol (TLP, https://www.first.org/tlp/), which is used in most communications to mark information being shared according to its sensitivity and the audience with whom it may be shared. TLP violations will be followed-up with the utmost severity.
- Urging all entities to adopt (and update their metadata accordingly) the Sirtfi framework (https://refeds.org/sirtfi). Federation Participants that support the Sirtfi framework (https://refeds.org/sirtfi) will receive full Incident Response information, more details on vulnerabilities or ongoing attacks, and support. Federation Participants that do not support Sirtfi will receive limited information and support.
...