|Latest Resolved Issues
April 2016 p7 Security Announcement
The following issues already listed above are “Mitigation only” and are expected to be fully resolved in an upcoming release.
The following issues were fixed in earlier releases and contain improvements in this p7 release:
Network Time Foundation is Improving it’s NTP Project Security with NTS – Network Time Security Project – read our latest blog
When we discover a security vulnerability in NTP we follow our Phased Vulnerability Process which includes first notifying Institutional members of the NTP Consortium at Network Time Foundation, then CERT, and finally make a public announcement.
Security Patch Policy
When security patches are ready, they are first given to Premier and Partner Institutional members of the NTP Consortium at Network Time Foundation, then access instructions are provided to CERT, and finally the public release is made on the embargo date.
For more information about our NTP Consortium and how to become a member, see (http://nwtime.org/membership/benefits/)
Reporting Security Issues
Security related bugs, confirmed or suspected, are to be reported by e-mail to firstname.lastname@example.org.
Do not disclose details with unencrypted email-we will exchange PGP keys for further discussion.
You can also use our NTP Security Officer Key, for reporting issues you have verified are security related.
Please refrain from discussing potential security issues in public fora such as the comp.protocols.time.ntp Usenet news-group, our Bug Tracking system, email@example.com, or any other mailing-list.