The Eclipse Foundation has a policy regarding the resolution and responsible disclosure of identified vulnerabilities. The short version is that this is one of the rare areas where open source transparency and openness ideals may be curtailed for a period of time while a vulnerability is addressed privately; but that all identified vulnerabilities, regardless of whether or not they are fixed, must be disclosed after no more than three months.
Projects
The Eclipse Foundation is home to the Eclipse IDE, Jakarta EE, and hundreds of open source projects, including runtimes, tools, specifications, and frameworks for cloud and edge applications, IoT, AI, automotive, systems engineering, open processor designs, and many others.
Supporters
The Eclipse Foundation is an international non-profit association supported by our members, including industry leaders who value open source as a key enabler for their business strategies.
Membership
Sponsorship
Collaborations
Whether you intend on contributing to Eclipse technologies that are important to your product strategy, or simply want to explore a specific innovation area with like-minded organizations, the Eclipse Foundation is the open source home for industry collaboration.
Industry Collaborations
Research Collaborations
Resources
The Eclipse community consists of individual developers and organizations spanning many industries. Stay up to date on our open source community and find resources to support your journey.
Open Source for Business
What's Happening
Developer Resources
The Foundation
The Eclipse Foundation provides our global community of individuals and organizations with a mature, scalable, and vendor-neutral environment for open source software collaboration and innovation.
- Home
- Blogs
- Wayne Beaton's blog
- Vulnerabilities and Responsible Disclosure
