
docs(security): Create SECURITY.md

Open murka opened this issue 2 years ago • 4 comments

Hey, the outline-server has no SECURITY.md, which is not good :)

This is my proposal, and please don't forget to turn on the Advisories system of Security

murka avatar Jan 24 '24 16:01 murka

@fortuna @sbruens @daniellacosse @jyyi1, what do you think about my proposal?

murka avatar Jan 24 '24 17:01 murka

We have a template for this, actually!

To report a security issue, please email [vulnerability management team alias](mailto:[email protected])
with a description of the issue, the steps you took to create the issue,
affected versions, and, if known, mitigations for the issue. Our vulnerability
management team will respond within 3 working days of your email. If the issue
is confirmed as a vulnerability, we will open a Security Advisory. This project
follows a 90 day disclosure timeline.

daniellacosse avatar Jan 24 '24 21:01 daniellacosse

@murka Let us discuss internally and we will get back to you. We should probably be doing this change ourselves.

I've enabled private vulnerability reporting on all the repos. Thanks for the tip.

fortuna avatar Jan 24 '24 22:01 fortuna

You're welcome, I will be awaiting your feedback!

murka avatar Jan 25 '24 09:01 murka