Skip to content

Commit f0103c6

Browse files
lum1n0uslum1n0us
committed
Update advanced disclosure email communication methods in security runbook
1 parent 95f506a commit f0103c6

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

doc/security_issue_runbook.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ For information on what types of issues are considered security vulnerabilities
2323

2424
- Finalize Details: Once a fix is developed and the vulnerability is fully understood, finalize the advisory details and prepare for public release. Ensure the security issues are resolved in the private fork.
2525
- Request CVE: Use the Big Green Button on the advisory to request a CVE number from GitHub staff.
26-
- Advanced Disclosure Email: Decide on a disclosure date, typically within a week, and send an email to [email protected] about the upcoming security release. Other ways are also available to communicate the disclosure date.
26+
- Advanced Disclosure Email: Decide on a disclosure date, typically within a week, and send an email to [email protected] about the upcoming security release. It can be accomplished by posting on https://groups.google.com/a/bytecodealliance.org/g/sec-announce. Other ways are also available to communicate the disclosure date.
2727

2828
``` markdown
2929
> A template for the advanced disclosure email
@@ -46,7 +46,7 @@ The highest severity issue fixed in this release is classified as XXX based on t
4646
- Manually Make PRs from Private Fork: Transfer the necessary pull requests from the private fork to the public repository.
4747
- Merge and Trigger Releases: Merge the version bump PRs and trigger the release process.
4848
- Publish GitHub Advisories: Delete the private forks and use the Big Green Button to publish the advisory.
49-
- Send Security Release Email: Send a follow-up email to [email protected] describing the security release. Other communication channels can also be used to inform users about the security release.
49+
- Send Security Release Email: Send a follow-up email to [email protected] describing the security release. It can be accomplished by posting on https://groups.google.com/a/bytecodealliance.org/g/sec-announce. Other communication channels can also be used to inform users about the security release.
5050

5151
```markdown
5252
> A template for the security release email

0 commit comments

Comments
 (0)