|NONRTRIC - Q1 2021|
|Criteria||Result / Proof point|
|The project MUST provide a process for users to submit bug reports (e.g., using an issue tracker or a mailing list). (URL required)||Met|
|The project SHOULD use an issue tracker for tracking individual issues.||Met|
|The project MUST acknowledge a majority of bug reports submitted in the last 2-12 months (inclusive); the response need not include a fix.||Met|
|The project SHOULD respond to a majority (>50%) of enhancement requests in the last 2-12 months (inclusive).||Met|
|The project MUST have a publicly available archive for reports and responses for later searching. (URL required)||UnmetMet||JIRA: https://jira.o-ran-sc.org/projects/NONRTRIC/issues|
Vulnerability report process
|The project MUST publish the process for reporting vulnerabilities on the project site. (URL required)||Unmet|
If private vulnerability reports are supported, the project MUST include how to send the information in a way that is kept private. (URL required)
Examples include a private defect report submitted on the web using HTTPS (TLS) or an email encrypted using OpenPGP. If vulnerability reports are always public (so there are never private vulnerability reports), choose "not applicable" (N/A).
The project's initial response time for any vulnerability report received in the last 6 months MUST be less than or equal to 14 days.
If there have been no vulnerabilities reported in the last 6 months, choose "not applicable" (N/A).