...
As happened in the last few years, the eduGAIN CSIRT (formerly eduGAIN Security Team) run a challenge to assess a critical part of the eduGAIN communication infrastructure: the security contacts of the eduGAIN Participants, where available. The security contacts email addresses has been retrieved from the eduGAIN Database using the APIs published on the technical site. The proceder procedure used to collect the email addresses is available on the GEANT gitlab:
...
Assuming that all contacted participants received the challenge e-mail and understood what action was expected from them, we had the following results: 75% success rate, in absolute numbers 36 participants out of 48 have reacted within the challenge time frame (6 5 days). This results are in line with the eduGAIN CommsChallenge2022-12 Results, though slightly badworse.
36 participants (75 %) have reacted
...
The graph above shows that the all reactions were recorded within 96 hours, with the vast majority within 24 hours. Given that almost all time zones were covered in this global exercise the reaction times are very good and indicate that the security contact addresses of the participants are also monitored during out-of-office hours.
| Time | Respondants |
|---|---|
| < 4h | 30 |
| < 10h | 32 |
| < 24h | 34 |
Follow Up
The participants that have not reacted to the challenge will be were contacted by the eduGAIN CSIRT.eduGAIN CSIRT on 31-01-2024:
| Federation | Additional response/clarification |
|---|---|
| CAFE | |
| CARSI | |
| FENIX | |
| GAKUNIN | OK |
| HAKA | OK |
| IRFED | |
| LAIFE | |
| OMREN | OK |
| ROEDUNETID | OK |
| TIGERFED | |
| WAYF | OK |