Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SECURITY.md #4994

Merged
merged 1 commit into from
Nov 18, 2019
Merged

Add SECURITY.md #4994

merged 1 commit into from
Nov 18, 2019

Conversation

emkll
Copy link
Contributor

@emkll emkll commented Nov 14, 2019

Status

Ready for review

Description of Changes

Fixes #4468

Provides a basic SECURITY.md file for the SecureDrop repository.

Testing

  • Does this make sense?
  • Should we add other contact methods?
  • Is this in line with GitHub's guidance

@emkll emkll requested review from redshiftzero and a team November 14, 2019 22:18
eloquence
eloquence reviewed Nov 15, 2019
View reviewed changes
SECURITY.md Outdated
If you have found a vulnerability, please **DO NOT** file a public issue. Please send us your report privately either via:

- SecureDrop's public bug bounty program managed by [Bugcrowd](https://bugcrowd.com/freedomofpress)
- Email to [email protected] (Optionally GPG-encrypted using the following fingerprint: `734F6E707434ECA6C007E1AE82BD6C9616DABB79`)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add link to https://securedrop.org/documents/6/fpf-email.asc ?

redshiftzero
redshiftzero previously approved these changes Nov 18, 2019
View reviewed changes
Copy link
Contributor

@redshiftzero redshiftzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this looks good to me, these contact methods are the right channels

(not going to merge so you can repush with a link to the FPF comms key)

@redshiftzero redshiftzero merged commit ed014be into develop Nov 18, 2019
@redshiftzero redshiftzero deleted the 4468-security-md branch November 18, 2019 16:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eloquence eloquence eloquence left review comments

@redshiftzero redshiftzero redshiftzero approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Set up GitHub Security Policy (SECURITY.md)
3 participants
@emkll @eloquence @redshiftzero