DBSA:Howto

From Digibase Knowledge Base
Revision as of 07:08, 25 February 2014 by Kradorex Xeron (talk | contribs)

Public: Please note: This is a document directed toward Digibase staff

DBSA Writeup Guidelines

When completing a DBSA, be sure that:

  • The issue is worth notifying the public about
  • Any sources or information are not just media sensationalism
  • You have operational details about the issue at hand and its impact
  • You have technical details about the issue itself and not just the effect
  • You don't use personal language, e.g. instead of "You should..." use "It is advised that...". This makes the advisories readable by a wider audience and not just those affected.

DBSA Template and Use

Find a DBSA ID that isn't taken yet; it should be the next in sequence. Use our homepage to see which ID is the latest, then enter the following into your address bar (replacing NNNN with the new advisory ID):

  • http://kb.digibase.ca/index.php/DBSA:2024-NNNN

You should be prompted to edit it; do so. Copy and paste the following into it:

{{DBSAHEAD
| TITLE=
| KEYWORDS=
}}

'''DBSA ID:''' {{PAGENAME}}

'''Regarding:''' 

'''Writeup:''' ~~~~

'''Date:''' 2024 03 28

'''Last Modified:''' {{REVISIONTIMESTAMP}} by {{REVISIONUSER}}

'''Who should take note:''' 

==Classification==

'''Priority:''' LOW/MODERATE/HIGH

'''Rationale:''' 

'''Severity:''' LOW/MODERATE/HIGH

'''Rationale:''' 

'''Spread of Issue:''' SINGLE-PLATFORM/MULTI-PLATFORM LOW/MODERATE/HIGH

'''Rationale:'''

==Description==


==Mitigation/Solution==


==References==
*

[[Category:DBSA|2024]]
 

Fill out the form in the style of the existing DBSAs, making sure to adhere to the guidelines. If you are unclear on a field, use the following reference:

  • TITLE= Should be a short title that includes the item being discussed or, at minimum, any software vendor or service names.
  • KEYWORDS= A short list of keywords for the issue; refer to previous DBSAs for examples.
  • DBSA ID: Should remain as-is; this is autofilled live.
  • Regarding: Should be the same as TITLE=
  • Writeup: Should remain as-is; this is autofilled upon submission.
  • Date: Should remain as-is; this is autofilled on this template.
  • Last Modified: Should remain as-is; this is autofilled live.
  • Who should take note: Enter here the users, administrators and so forth that may utilize this platform and are the first targets for the advisory.
  • Classification: There are 3 pairs of headers with rationales; fill them out accordingly:
    • Priority is effectively how fast people should act. If the issue is largely mitigated by general security common sense, downgrade it as the situation warrants.
    • Severity is how much of an impact the issue may have on those noted in Who should take note:
    • Spread of Issue: If the issue potentially impacts multiple operating systems (e.g. Windows and Mac), it qualifies as "Multi-Platform"; if not (e.g. if Windows 7 and 8 are affected), "Single-Platform". Complete this by entering just how prevalent the issue is. If the software or service is popular, HIGH, if not many people do
  • Description: Enter a description here. Start by briefly introducing the service and/or software and/or vendor in one or two sentences, then begin describing the issue at hand. It should be easily readable, but may be technical as well.
  • Mitigation/Solution: This is the actual advisement section. Enter a permanent solution here that fixes the issue (e.g. do a software update); failing that, enter a mitigation workaround that will work until the vendor/service is updated (e.g. turn off specific features); failing that (e.g. the vendor refuses to fix the issue), advise upon alternatives to the affected item.
  • References: Enter any article links that were utilized in the research, prefixed with "* " (bullet points). Any and all linked items must be reputable, contain operational information and be free and not behind a paywall. Remember: People will utilize these to check further into the issue.

Once completed, submit as normal

DBSA Publishing

Once the advisory itself is created, the DBSA may be published by setting up the redirector. Take the title used in the advisory and replace spaces with underscores:

  • http://kb.digibase.ca/index.php/DBSA-Redir:DBSA-2024-NNNN_Title_Here

Enter the following into it:

#REDIRECT [[DBSA:2024-NNNN]]

[[Category:DBSA-Redir]]
 

Submit and the advisory will be published. Feel free to note the advisory either by the redir or the raw ID article, and feel free also to note the issue on IRC or any other media you feel will get the advisory to those who need it.