OSG/PATh Cybersecurity Practices
Our goal is to provide a secure framework that enables science and promotes autonomous and open science collaboration among sites and users. This requires a balance between openness, which is necessary for science, and security.
Our mission is to protect OSG users and site resources from security breaches and provide convenient access to OSG resources.
Reporting a security incident
If you suspect a security problem, please report it immediately.
Examples of security problems include:
- compromised login credentials, including SSH keys
- compromised software (e.g. bitcoin miners)
- security vulnerabilities reported by other entities
Please promptly report security incidents involving OSG resources via email to [email protected] and CC the [email protected]. Please include the following information in your report:
- Subject: Security Report - [Brief Description]
- Your name, email address, and phone number.
- A description of the incident, including time(s), systems and user accounts involved, and any related events.
- What is your affiliation with the OSG? What group and university are you affiliated with?
- Do you think your OSPool/PATh identity (login credentials or tokens) is compromised?
- Any additional comments or questions you have
When in doubt, report the issue. Early reporting helps us respond quickly, limit potential impact, and protect both users and shared computing resources.
Report security incidents to your local/home organization's incident response team in addition to the OSG Security team if applicable.
Suspected Vulnerabilities and Exposures
Users should not attempt to test, validate, exploit, or further investigate suspected vulnerabilities, exposures, misconfigurations, or security weaknesses on the systems, even if acting in good faith.
Testing suspected vulnerabilities can place shared systems, user data, and site resources at risk. These actions may also constitute a violation of OSG/PATh Use Policies.
If you discover or suspect a vulnerability, exposure, compromised credential, misconfiguration, or other security concern, report it immediately using the security incident reporting process above. A staff member will review, validate, and respond to the issue through appropriate security procedures.
Mailing Lists
The following addresses are open for use by all OSG members, partners, and collaborators:
[email protected] is the standard email address open to the OSG public for reporting of security incidents.