Link to responsible disclosure guidelines in Security-Policy remediation doc (#1545)

* refer to responsible disclosure guidelines

* typo
laurentsimon authored Jan 27, 2022
1 parent 17467c1 commit 40a9d48
Showing 2 changed files with 4 additions and 2 deletions.
2 changes: 1 addition & 1 deletion docs/checks.md
@@ -517,7 +517,7 @@ information about a bug is not publicly visible.

**Remediation steps**
- Place a security policy file `SECURITY.md` in the root directory of your repository. This makes it easily discoverable by a vulnerability reporter.
- The file should contain information on what constitutes a vulnerability and a way to report it securely (e.g. issue tracker with private issue support, encrypted email with a published public key).
- The file should contain information on what constitutes a vulnerability and a way to report it securely, e.g., an issue tracker with private issue support, encrypted email with a published public key. Follow the [coordinated vulnerability disclosure guidelines](https://github.com/ossf/oss-vulnerability-guide/blob/main/guide.md) to respond to vulnerability disclosures.
- For GitHub, see more information [here](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository).

## Signed-Releases
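Review bot: in the added line the two reporting channels after "e.g.," run together with no conjunction, so the sentence reads as a run-on; write "e.g., an issue tracker with private issue support or encrypted email with a published public key." The removed line's parentheses at least made the alternatives read as a list. The same sentence is edited in docs/checks/internal/checks.yaml in this commit, so keep the two copies word-for-word identical (if docs/checks.md is generated from the YAML, regenerate it rather than hand-editing both).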
4 changes: 3 additions & 1 deletion docs/checks/internal/checks.yaml
@@ -551,7 +551,9 @@ checks:
- >-
The file should contain information on what constitutes a vulnerability
and a way to report it securely (e.g. issue tracker with private issue
support, encrypted email with a published public key).
support, encrypted email with a published public key). Follow the
[coordinated vulnerability disclosure guidelines](https://github.com/ossf/oss-vulnerability-guide/blob/main/guide.md)
to respond to vulnerability disclosures.
- >-
For GitHub, see more information
[here](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository).
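Review bot: the new link inside the folded scalar points at https://github.com/ossf/oss-vulnerability-guide/blob/main/guide.md, an unpinned `main` branch path; if that file is renamed or split, the remediation text shown in every Scorecard result will dead-link. Consider a commit-pinned URL or the guide's stable landing page instead. Keeping the whole `[text](url)` on one line within the `>-` block is correct, since a URL wrapped across lines would be folded with a space and break the link.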
