Adding SECURITY.md #89

Merged
merged 9 commits into from
Mar 23, 2021
Changes from 2 commits
50 changes: 50 additions & 0 deletions SECURITY.md
@@ -0,0 +1,50 @@
# Security Policy
This document outlines security policy and procedures for the CrowdStrike `falconpy` project.
+ [Supported Python versions](#supported-python-versions)
+ [Supported FalconPy versions](#supported-falconpy-versions)
+ [Reporting a potential security vulnerability](#reporting-a-potential-security-vulnerability)
+ [Disclosure and Mitigation Process](#disclosure-and-mitigation-process)

## Supported Python versions

FalconPy functionality is only tested to run under the following versions of Python.

| Version | Supported |
| :------- | :--------- |
| 3.9.x | :white_check_mark: |
| 3.8.x | :white_check_mark: |
| 3.7.x | :white_check_mark: |
| 3.6.x | :white_check_mark: |
| <= 3.5 | :x: |
| <= 2.x.x | :x: |

## Supported FalconPy versions

We release patches for security vulnerabilities as they are discovered.

Version eligibility for receiving patches depends on the CVSS v3.0 Rating:

| CVSS v3.0 | Supported Versions |
| :------- | :-------------------- |
| 9.0 - 10.0 | Releases within the past three months |
| 4.0 - 8.9 | Most recent release |

## Reporting a potential security vulnerability

Please report suspected security vulnerabilities to [email protected]__.

## Disclosure and mitigation process

Upon receiving a security bug report, the issue will be assigned to one of the project maintainers. This person will coordinate the related fix and release
process, involving the following steps:
+ Communicate with you to confirm we have received the report and provide you with a status update.
- You should receive this message within 48 hours.
+ Confirmation of the issue and a determination of affected versions.
+ An audit of the codebase to find any potentially similar problems.
+ Preparation of patches for all releases still under maintenance.
- These patches will be submitted as a separate pull request and contain a version update.
- This pull request will be flagged as a security fix.
- Once merged, and after post-merge unit testing has been completed, the patch will be immediately published to both PyPI repositories.

## Comments
If you have suggestions on how this process could be improved, please let us know by [starting a new discussion](https://github.com/CrowdStrike/falconpy/discussions) or sending the maintainers an email at [email protected].
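Review bot: the CVSS table under "Supported FalconPy versions" only covers scores 4.0 - 10.0, so a reporter of a Low (0.1 - 3.9) finding cannot tell from this file whether it will be patched, deferred to the next regular release, or declined; add a third row (for example `| 0.1 - 3.9 | Next scheduled release |`) or a sentence stating how sub-4.0 issues are handled, and say which CVSS scoring (base score only, or base plus environmental) decides the row. In the same section, "Releases within the past three months" is ambiguous about whether that window is measured from the report date or the fix date; pick one and say so. Under "Disclosure and mitigation process", "both PyPI repositories" is never defined in the file; name the two indexes (and link the project pages) so a downstream user knows where a fixed build will appear, and the "Supported Python versions" table should say what "supported" means there (tested only, or also eligible for security patches) so it is not read the same way as the version-support table below it.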