From af3dfe614714b1425bc27809c7a1fc4997d24eee Mon Sep 17 00:00:00 2001 From: axel simon Date: Fri, 11 Apr 2025 17:07:50 +0100 Subject: [PATCH 1/3] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a46ae92..114197c 100644 --- a/README.md +++ b/README.md @@ -1 +1,3 @@ -# .github \ No newline at end of file +# .github + +StackHPC Github org-wide defaults and files. From aa231210f789f5eb999e7a95f7ae89c1eb9ae4b9 Mon Sep 17 00:00:00 2001 From: axel simon Date: Fri, 11 Apr 2025 17:10:22 +0100 Subject: [PATCH 2/3] Create SECURITY.md Basic SECURITY.md file for the StackHPC Github org. Taken from the Azimuth one, with Azimuth specifics removed. To be further improved and refined: - email address for contact (waiting on reliable email <--> jira connection) - supported versions info: this will probably require per-project SECURITY.md --- SECURITY.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..afb71c5 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,32 @@ +# Security Policy + +## Reporting a Vulnerability + +Thank you for taking the time to improve StackHPC open sourcec projects. + +We take security issues seriously and appreciate your time and efforts in making +our open source projects safer through coordinated vulnerability disclosure. + +If you believe you have found a security vulnerability in this repository, +please use the built-in **"Report a vulnerability"** feature to notify us privately: +1. Navigate to the **Security** tab at the top of this repository. +2. Click on the **"Report a vulnerability"** button. +3. Fill out the form with details about the vulnerability and submit it. + +This ensures that only repository maintainers and authorized personnel can view the report. + +### What to Include in Your Report +To help us address the issue effectively, please include: +- A clear and detailed description of the vulnerability. +- Steps to reproduce the issue. +- Any potential impact of the vulnerability. +- Suggestions for mitigation, if possible. + +### Response Time +We are committed to investigating and responding to reported vulnerabilities promptly. +You can expect: +- An acknowledgment of your report within 48 hours. +- Updates as we progress on resolving the issue. +- Notification when the issue is resolved. + +Again, thank you for helping us keep our projects as secure as possible. From a4702382f1cb5f097b77179e698d4aa7519aa4af Mon Sep 17 00:00:00 2001 From: axel simon Date: Mon, 2 Jun 2025 22:43:32 +0100 Subject: [PATCH 3/3] Update SECURITY.md - Remove mention of Github private security reporting in favour of email address. - Small changes to wording. --- SECURITY.md | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index afb71c5..b1d0b77 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,18 +2,13 @@ ## Reporting a Vulnerability -Thank you for taking the time to improve StackHPC open sourcec projects. +Thank you for taking the time to improve StackHPC open source projects. -We take security issues seriously and appreciate your time and efforts in making -our open source projects safer through coordinated vulnerability disclosure. +We take security issues seriously and appreciate your time and efforts in making +our code safer through coordinated vulnerability disclosure. -If you believe you have found a security vulnerability in this repository, -please use the built-in **"Report a vulnerability"** feature to notify us privately: -1. Navigate to the **Security** tab at the top of this repository. -2. Click on the **"Report a vulnerability"** button. -3. Fill out the form with details about the vulnerability and submit it. - -This ensures that only repository maintainers and authorized personnel can view the report. +If you believe you have found a security vulnerability in any StackHPC repository, +please use email secalert@stackhpc.com to notify us privately. ### What to Include in Your Report To help us address the issue effectively, please include: @@ -23,10 +18,10 @@ To help us address the issue effectively, please include: - Suggestions for mitigation, if possible. ### Response Time -We are committed to investigating and responding to reported vulnerabilities promptly. +We are committed to investigating and responding to reported vulnerabilities promptly. You can expect: - An acknowledgment of your report within 48 hours. - Updates as we progress on resolving the issue. - Notification when the issue is resolved. -Again, thank you for helping us keep our projects as secure as possible. +Thank you for helping us keep open source as secure as possible.
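Review bot: the README hunk in PATCH 1/3 spells the product name "Github"; GitHub's own capitalization is "GitHub", so suggest `StackHPC GitHub org-wide defaults and files.` It would also help readers to state what "org-wide defaults" means in practice: community health files placed in an organization's `.github` repository (SECURITY.md among them) are served as the default for every repository in the organization that does not carry its own copy, and one sentence saying so explains why this repository exists and why the files in it must be written to apply to any StackHPC repository.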
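Review bot: the new SECURITY.md in PATCH 2/3 is worded as if it lives in the repository being reported on ("a security vulnerability in this repository", "the Security tab at the top of this repository"), but as an org-wide default it will be displayed from repositories that have no SECURITY.md of their own, and the "Report a vulnerability" button only appears in a repository's Security tab when private vulnerability reporting has been enabled for that repository or for the whole organization. Either enable private vulnerability reporting org-wide before merging, or reword to "any StackHPC repository" and give a fallback channel for repositories where the button is absent. Two smaller points: "open sourcec projects" on the first line is a typo for "open source projects", and the "48 hours" acknowledgement is an unqualified commitment that includes weekends, so either say "48 hours (working days)" or make sure the reporting channel is monitored continuously. The commit message's own TODO about supported versions could be left in the file as a `## Supported Versions` placeholder so that per-project SECURITY.md files have a section to override.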
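Review bot: in the first hunk of PATCH 3/3 (@@ -2,18 +2,13 @@), "please use email secalert@stackhpc.com to notify us privately" is missing a word; suggest "please email secalert@stackhpc.com" or "please use the email address secalert@stackhpc.com". More substantively, the hunk removes the sentence assuring reporters that only maintainers and authorized personnel can see a report without replacing it with an equivalent assurance for the mailbox: plain email is not a confidential channel in the way the GitHub private report was, and reporters sending reproduction details have no way to encrypt to the new address. Consider publishing a PGP key or fingerprint for secalert@stackhpc.com next to the address, and keeping the GitHub "Report a vulnerability" route as an alternative where it is enabled, so an encrypted option remains. The removed and added "We take security issues seriously and appreciate your time and efforts in making" lines are also identical as displayed, so that part of the change is whitespace-only and will appear as noise in blame.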
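Review bot: the second hunk of PATCH 3/3 (@@ -23,10 +18,10 @@) rewrites the "We are committed to investigating and responding to reported vulnerabilities promptly." line with no visible wording difference, so it is a trailing-whitespace-only edit; worth confirming it is intentional, or dropping it, so that later reviewers of this file do not have to diff whitespace to see what changed. The reworded closing line ("Thank you for helping us keep open source as secure as possible.") reads fine.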