...
Clarification on the processing of security-related issues within the CSP workflow
...
Workflow #1: Treatment of CVE requires work in module(s) of one Development team
If the Security team considers the vulnerability (CVE) as required for inclusion in CSP and the CVE impacts only module(s) of one development team, the Security team needs to create a Jira with the following data:
...
All the process logistics stay intact; that is, it is the PO who will need to drive the request through approval and Jira completion.
...
Workflow #2: Treatment of CVE requires work in modules of several Development teams
If the Security team considers the CVE as required for inclusion in CSP and the CVE impacts modules of several development teams, the Security team needs to create Jira(s) with the data required per the current process and seek approval from the RMS panel according to the process.
...