Not too long ago, the Heartbleed OpenSSL vulnerability impacted the NSF cyberinfrastructure (CI) community along with many others. CTSC analyzed this vulnerability and published guidance to the community on how CI developers should respond, how users should respond and who was impacted. But we feel we could have done better with better established communication channels to the community.
Based on this experience, CTSC is announcing the creation of three email lists open to the NSF CI community:
- The CTSC Infrastructure Operators Announce List is an announcement-only list for infrastructure providers (e.g. system administrators, devops) who would like to receive updates about security issues that may impact the systems you run or how you provide services. Traffic to this list is low and sporadic -- we'll only email you when there is something to tell you.
- The CTSC Software Developers Announcement List is an announcement-only list for software developers who would like to receive updates about security issues that may impact the tools or frameworks you use, or how you develop software. Traffic to this list is low and sporadic -- we'll only email you when we really have something to tell you.
- The CTSC Security Discussion List is for anyone in the community with questions about security or for discussions about cybersecurity (e.g. CTSC may discuss the severity of a vulnerability on this list before announcing it on the other two lists). Unlike the announcement lists, discussion is encouraged. Traffic to this list is currently pretty low, but may change based on community interest and needs.
- To email the CTSC Discussion List, please send email to firstname.lastname@example.org. (Posting is limited to subscribers to prevent SPAM.)
We hope to see you there!
For the latest information on these lists, please visit http://trustedci.org/ctsc-email-lists/