Security

openLooKeng is a high-performance distributed data virtualization query engine that supports joint queries across heterogeneous data sources in different domains. It is applicable to interactive queries over TB or PB of data and must meet security requirements in various scenarios. As a high-performance big data in-memory computing engine, openLooKeng can run on different CPU platforms. Users can run standard SQL query statements to obtain query results. As data is the core asset, it is essential to perform continuous security protection of the big data system.

Join us to build a more secure big data in-memory computing engine.

Reporting Security Issues to the openLooKeng Community

Use the Suspected Security Issue Reporting Template to report a potential security issue so that the vulnerability management team (VMT) can identify and fix the issue as soon as possible. Your email will be acknowledged within one working day, and a reply with more details and subsequent handling measures will follow within seven days.

Security Issue Disclosure Process in the openLooKeng Community

The security issues are handled as follows:

  • After receiving a reported security issue, the VMT immediately confirms the issue severity and the integrity of the reported information.
  • Organize community teams to conduct technical analysis, identify the issue details, and provide analysis reports.
  • If the reported issue is a vulnerability, apply for a Common Vulnerabilities and Exposures (CVE) identifier, communicate with the vulnerability reporter about the issue and the subsequent fixing and release plan, and prepare the security advisory (SA).
  • Develop and verify the patch to fix the vulnerability, and initiate restricted disclosure.
  • Release the patch and SA.

openLooKeng Community VMT

The VMT consists of vulnerability management experts in the community. The team is responsible for coordinating the entire vulnerability fixing process, including:

  • Vulnerability collection: Potential security vulnerabilities discovered by community members and external researchers can be reported to the VMT via securities@openlookeng.io.
  • Vulnerability tracking and handling: The VMT confirms vulnerabilities, records the confirmed vulnerabilities in the openLooKeng community, fixes the vulnerabilities, and stays in communication with the reporter during the process.
  • Responsible disclosure: After the vulnerability is fixed, the VMT releases the vulnerability information to the community in the form of an SA.

openLooKeng SA