docs(security): Create SECURITY.md #1480

Open: murka wants to merge 1 commit into master

@murka (Contributor) commented Jan 24, 2024

Hey, the outline-server has no SECURITY.md, which is not good :)

This is my proposal, and please don't forget to turn on the Advisories system of Security

@murka murka requested a review from a team as a code owner January 24, 2024 16:55
@murka (Contributor Author) commented Jan 24, 2024

@fortuna @sbruens @daniellacosse @jyyi1, what do you think about my proposal?

@daniellacosse (Contributor)

We have a template for this, actually!

To report a security issue, please email [vulnerability management team alias](mailto:[email protected])
with a description of the issue, the steps you took to create the issue,
affected versions, and, if known, mitigations for the issue. Our vulnerability
management team will respond within 3 working days of your email. If the issue
is confirmed as a vulnerability, we will open a Security Advisory. This project
follows a 90 day disclosure timeline.

@daniellacosse (Contributor) left a comment

We gotta use our approved SECURITY.md, see my above comment

@fortuna (Collaborator) commented Jan 24, 2024

@murka Let us discuss internally and we will get back to you. We should probably be doing this change ourselves.

I've enabled private vulnerability reporting on all the repos. Thanks for the tip.

@murka (Contributor Author) commented Jan 25, 2024

You're welcome, I will be awaiting your feedback!
