timb-machine / co-ordinated-disclosure-toolkit

Portcullis Computer Security Co-ordinated Disclosure Toolkit

Home Page: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/


Welcome

This project contains a generic copy of the resources used by Portcullis Computer Security to manage our Advisory Process.

For background, our advisory process is managed by a dedicated vendor liaison team who utilise an issue management system to track all of the issues we find from identification through to disclosure.

You can find further details about our processes in the docs subdirectory. The Co-ordinated Disclosure Policy is intended for public consumption whilst the Advisory Process is expected to have a primarily internal audience.

Portcullis publish our advisories in two main forms: as text-based summaries on mailing lists, along with a full disclosure of the technical findings on our web site at:

To do so we utilise a generic XML schema (advisory.xml), which we can generate from the issue management system, along with a number of XSLT templates which ensure consistent formatting. We have templates to support text, HTML and markdown based publishing. These files can be found in the templates directory.

We are publishing this toolkit in an attempt to support the community at a time when the whole question of disclosure is again being discussed. Further details of our take on the philosophical debate around disclosure can be found at:

This work is licensed under the Creative Commons Attribution 4.0 International License. You can find a copy of this license at:

Cheers,

Tim Brown (@timb_machine)

Head Of Research

Portcullis Computer Security Ltd

Languages

Language:XSLT 100.0%