Describe security policies on various components to the ARM
We were discussing how we should treat the security vulnerabilities in BIND 9 components and this is probably something that should go into the ARM along with recommendations.
E.g.:
- authoritative query processing (PR:N)
- recursive query processing (PR:L)
- zone transfers
- control channel
I mean, I think we could expand and merge this document: https://gitlab.isc.org/isc-projects/bind9/-/wikis/CVSS-Scoring-Guidelines to the ARM.