Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


NONRTRIC - Q1 2021
CriteriaResult / Proof point 

Bug-reporting process

The project MUST provide a process for users to submit bug reports (e.g., using an issue tracker or a mailing list). (URL required) Met
The project SHOULD use an issue tracker for tracking individual issues.Met
The project MUST acknowledge a majority of bug reports submitted in the last 2-12 months (inclusive); the response need not include a fix.Met
The project SHOULD respond to a majority (>50%) of enhancement requests in the last 2-12 months (inclusive).Met
The project MUST have a publicly available archive for reports and responses for later searching. (URL required)UnmetMetJIRA:

Vulnerability report process

The project MUST publish the process for reporting vulnerabilities on the project site. (URL required)Unmet

If private vulnerability reports are supported, the project MUST include how to send the information in a way that is kept private. (URL required) 

Examples include a private defect report submitted on the web using HTTPS (TLS) or an email encrypted using OpenPGP. If vulnerability reports are always public (so there are never private vulnerability reports), choose "not applicable" (N/A).


The project's initial response time for any vulnerability report received in the last 6 months MUST be less than or equal to 14 days. 

If there have been no vulnerabilities reported in the last 6 months, choose "not applicable" (N/A).