Update SECURITY.md #1726
Update SECURITY.md #1726
Conversation
The Security Council has approved a new SECURITY.md aligned with the bug-bounty process. Please update your project’s SECURITY.md with the correct links for your project and confirm that private vulnerability reporting is enabled for your repository. All bug bounty details found here: https://opensourcecommittee.docs.intersectmbo.org/about/paid-open-source-model-posm/bug-bounty-program' opensourcecommittee.docs.intersectmbo.org
ThatGuyLLC
requested review from
amesgen,
bladyjoker,
dnadales,
fraser-iohk,
geo2a,
jasagredo and
nfrisby
as code owners
| Please report (suspected) security vulnerabilities to [email protected]. You will receive a | ||
| response from us within 48 hours. If the issue is confirmed, we will release a patch as soon | ||
| as possible. | ||
| The Cardano open source project (xxx) is committed to ensuring the security of |
There was a problem hiding this comment.
What should we place instead of xxx?
| ## Contact Information | ||
|
|
||
| To report a security vulnerability, please use [GitHub | ||
| form]((add project github form for your project)). Should you experience any issues reporting via GitHub or have other questions, Please contact [Security]([email protected]). |
There was a problem hiding this comment.
Any idea if such a form exists or how to make one (is there a template)?
Also xref-checks is triggered on [Security]([email protected])
There was a problem hiding this comment.
This should probably be [Security](mailto:[email protected]) or something similar
|
|
||
| This Security Vulnerability Disclosure Policy may be updated or | ||
| revised as necessary. Please check the latest version of this policy | ||
| on the [xxxx repository]((add link for your project)). |
There was a problem hiding this comment.
sorry got baby in one arm, why short form response haha
There was a problem hiding this comment.
No worries mate! Keep that baby tight, I'll take over this! :) Appreciate it!
| the [private reporting form on | ||
| GitHub](https://github.com/input-output-hk/mithril/security/advisories/new) |
There was a problem hiding this comment.
Why is a Mithril link included here? Is that intentional? How does it relate to the form mentioned later?
There was a problem hiding this comment.
its meant as reference for yall if you have something similar for consensus
3 participants
The Security Council has approved a new SECURITY.md aligned with the bug-bounty process. Please update your project’s SECURITY.md with the correct links for your project and confirm that private vulnerability reporting is enabled for your repository. All bug bounty details found here:
https://opensourcecommittee.docs.intersectmbo.org/about/paid-open-source-model-posm/bug-bounty-program'
opensourcecommittee.docs.intersectmbo.org
Description
Please include a meaningful description of the PR and link the relevant issues
this PR might resolve.
Also note that: