
There is a standard for documenting security vulnerability reporting #13

Open · 1 of 3 tasks

izgeri opened this issue Dec 10, 2019 · 1 comment

Comments

@izgeri (Contributor) commented Dec 10, 2019

Our public repositories should clearly document what process non-employees should follow to report potential security bugs. This could involve:

  • Including a SECURITY.md file, or similar
  • Including a snippet in the README or CONTRIBUTING that refers to the security bug policy
  • Other options?

In this effort, we will define the standard way Conjur Open Source repos should document security vulnerabilities, and we will update the current set of public non-archived repositories to follow this process.

AC:

  • There is a process defined for documenting how to report security vulnerabilities
  • Any new repo templates or guidelines are updated with this policy
  • All existing public non-archived repos follow this process

@boazmichaely commented

@izgeri just capturing here the Security.md policy which you shared:
https://github.com/cyberark/conjur/blob/master/SECURITY.md
