Fix Period
This section outlines the process and recommendations for implementing fixes, reviewing them, and the specific methodology for labeling issues during this phase.
Fix Review Period
A 2-week fix review courtesy period is initiated to allow the client to implement fixes and have them reviewed by the security review team. This process is consultative and collaborative in nature, and we urge clients to take full advantage of this courtesy period.
Extensions and Conditions
In the event that fixes are not fully reviewed after 2 weeks, the client can request an extension period by signing a fix-extension Statement of Work (SOW).
Labeling Fixes
The client is advised to follow a specific labeling methodology as issues progress through different statuses.
Status Labels
Changes Requested: The Spearbit team uses this label for issues where the fix has been applied but requires alterations. Once the client applies the changes to the PR, this label can be removed and replaced with Status: Changes Applied.
Changes Applied: Informs the Spearbit team that a change has been approved and that the label needs to be updated to Status: Verified by USERNAME.
Verified by USERNAME: Tagged once a Spearbit security researcher has validated the fix. If new alterations are necessary, Status: Changes Requested is re-added.
Fixed: Applied if the project has fixed the issue.
Acknowledged: Applied if the project has acknowledged the issue without further action.
ReadyForReport: Used to confirm the issue is ready for the client report.
Labeling Example