README.md: 11 additions & 2 deletions
@@ -8,12 +8,16 @@ and via [edX](http://edx.org/professional-certificate/linuxfoundationx-secure-so
8
8
9
9
## Highlights
10
10
11
-
Please **[select the course you are interested in and take it](https://openssf.org/training/courses/)** if you just want to *take* these courses. This site is intended for those who are updating the courses or using its content in special ways.
11
+
Please **[select the course you are interested in and take it](https://openssf.org/training/courses/)** if you just want to *take* these courses.
12
12
13
-
Please see **[*Secure Software Development Fundamentals* content converted into Markdown format](secure_software_development_fundamentals.md)** for the main content of this repository.
13
+
This repository is instead intended for those who want to modify the course material or using its content in special ways.
14
14
15
15
If you see something in the course that should be changed, please **[file an issue](https://github.com/ossf/secure-sw-dev-fundamentals/issues)** or (even better) **[create a pull request](https://github.com/ossf/secure-sw-dev-fundamentals/pulls)**.
16
16
17
+
Please see **[*Secure Software Development Fundamentals* content in Markdown format](secure_software_development_fundamentals.md)** for the main **text** content of the course (in this repository). The text embeds references to images that are also in this repository. The course as delivered includes some video introductions; those files are very large and so they aren't currently stored in this repository.
18
+
19
+
There are video introductions, but the videos are in large files. See the [repository with the corresponding videos](https://github.com/ossf/secure-sw-dev-videos).
20
+
17
21
## Details
18
22
19
23
<imgsrc="by.svg"width="60"height="21"alt="CC-BY">This informational content is released under the [Creative Commons Attribution License (CC-BY) version 4.0](https://creativecommons.org/licenses/by/4.0/legalcode.txt), so you can reuse it in many ways. We want you to use this information! There are some <b>exceptions</b>: we quote some images (such as from xkcd) which are under their own licenses. Also, to counter cheating we do not release certain testing materials this way at all (so they are not in this repository). Note that we update this material, so you should be prepared for updates if you use a significant portion of it.
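Review bot: The two added video paragraphs in Highlights say the same thing twice. The new "Please see ... content in Markdown format" paragraph already ends by saying the video introductions are very large and not stored in this repository, and the next added paragraph repeats that before giving the link. Suggest dropping the last sentence of the first paragraph and keeping only the paragraph that links to the videos repository. Separately, the added line "for those who want to modify the course material or using its content in special ways" is not parallel; "or use its content" reads correctly.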
@@ -28,6 +32,8 @@ project. Changes that are accepted into the Markdown must go through a series of
28
32
29
33
Changes to the markdown must have no errors reported by `markdownlint` using our configuration. This is checked when a pull request is made. You can do this check locally by installing markdownlint (e.g., `brew install markdownlint-cli` or `npm install -g markdownlint-cli`) and running `make`.
30
34
35
+
You can see a generated [table of contents](toc.md) - rerun `make` to regenerate it. This generated file is included in the repository itself for convenience of those new to the document.
36
+
31
37
This content was originally converted from Google docs format using
32
38
[gdocs2md](http://github.com/mangini/gdocs2md),
33
39
patched to skip inline drawings.
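Review bot: The added toc.md paragraph commits a generated file but gives contributors no instruction to commit the regenerated copy, so it can drift from the course text. The preceding paragraph says `markdownlint` is checked when a pull request is made; nothing here says the same for the table of contents. Suggest adding a sentence asking contributors to rerun `make` and include the updated toc.md in the same pull request whenever headings change. Minor wording: "for convenience of those new" should be "for the convenience of those new".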
@@ -42,4 +48,7 @@ This course is one of the results of the
42
48
[Open Source Security Foundation (OpenSSF)](https://openssf.org/)
43
49
[Best Practices working group (WG)](https://github.com/ossf/wg-best-practices-os-developers).
44
50
51
+
If you want to report vulnerabilities in this project, please see
52
+
[SECURITY.md](./SECURITY.md).
53
+
45
54
Our thanks to Flavia Cioanca for her work to convert the text into live courses!
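Review bot: The SECURITY.md pointer is added at the very end of the README, between the working group credit and the thanks line, where someone about to report a problem is unlikely to see it. The Highlights section already tells readers to "file an issue" or "create a pull request" for changes, which is the public path; a reporter who reads only that will open a public issue. Suggest moving the pointer, or repeating it, next to that sentence so the private route is visible before the public one is used.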
We're *glad* if you want to report a vulnerability!
4
+
5
+
If you wish to propose text to explain how to detect and prevent a *kind*
6
+
of vulnerability that is already publicly known, please just file a normal
7
+
issue and/or pull request. We don't consider that a "vulnerability report"
8
+
in the sense that many people use the term.
9
+
10
+
In some cases we're the wrong place to report vulnerabilities to:
11
+
12
+
* If you wish to report a vulnerability on a specific project that isn't
13
+
this project, please don't report that here. Instead, please report the
14
+
vulnerability to that project.
15
+
* If you wish to report a general vulnerability in edX or the
16
+
Linux Foundation Training & Certification platform, please report the
17
+
vulnerability to them instead.
18
+
19
+
However, in some cases we *do* want you to report a vulnerability to us:
20
+
21
+
* If you wish to report a vulnerability in this *specific* course
22
+
as supported by the Linux Foundation (via edX or the Linux Foundation
23
+
Training & Certification platform).
24
+
* If you wish to propose text to explain how to detect and prevent a *kind*
25
+
of vulnerability that has *never* been publicly announced or
26
+
discussed anywhere.
27
+
28
+
If you want to report those kinds of vulnerabilities to us,
29
+
please use the GitHub mechanism [privately reporting a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) to this repository.
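Review bot: The closing paragraph names GitHub private vulnerability reporting as the only channel, and the two "wrong place" bullets send reporters elsewhere without saying where. Suggest adding a fallback contact for reporters who cannot use the GitHub mechanism, and linking the reporting pages for edX and the Linux Foundation Training & Certification platform in the bullet that says to "report the vulnerability to them instead". The line between "a general vulnerability in edX or the Linux Foundation Training & Certification platform" (not here) and "a vulnerability in this *specific* course as supported by the Linux Foundation (via edX ...)" (here) is also hard to apply as written; one short illustration of each case would help. Wording: "use the GitHub mechanism [privately reporting a security vulnerability]" reads better as "use GitHub's mechanism for privately reporting a security vulnerability".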