Add new Vulnerability Response Document #597
Merged
This document introduces a guide and some rules on how to report vulnerabilities found in the Gridcoin Research Client. It also contains a step-by-step procedure for the respondents to follow. It has been lifted from the Monero repository and was instated there after a major vulnerability was found and patched.
Currently I listed myself as the only respondent. As soon as I get the emails and PGP fingerprints of @denravonska and @gridcoin, or another member of the community that has been identified to be suitable for this role, I will remove myself from the list and add them instead.
Please do suggest changes to the time-frames, correspondence and disclosure media and overall workflow.
Only merge this PR once the appropriate emails and PGP keys have been collected.