Adding Microsoft SECURITY.MD #2597
Conversation
![microsoft-github-policy-service[bot]](https://avatars.githubusercontent.com/in/95686?s=60&v=4){kind=small}
|
|
||
| Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). | ||
|
|
||
| If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below. |
There was a problem hiding this comment.
| If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below. | |
| If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below. |
There was a problem hiding this comment.
Can you remove the "en-us" from the links to make the links language neutral?
There was a problem hiding this comment.
I believe you can suggest changes at https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md to modify the global template. @jeffwilcox, FYI
There was a problem hiding this comment.
Yes, appreciate any such improvements to the source file (and also incrementing the "version" in the comment), we've taken the content from security teams in the past.
There was a problem hiding this comment.
I don't think we should link to a page which says "We're no longer updating this content regularly. Check the Microsoft Product Lifecycle for information about how this product, service, technology, or API is supported." at the top.
There was a problem hiding this comment.
Sure does seem like the links should be aka.ms links that could be more resilient. I'm trying to track down who's still at the company who helped roll out the initial SECURITY.MD template, since updates are expensive and hard to do.
|
Doc has been updated with our feedback, but bot did not update this PR. |
Please accept this contribution adding the standard Microsoft SECURITY.MD 馃敀 file to help the community understand the security policy and how to safely report security issues. GitHub uses the presence of this file to light-up security reminders and a link to the file. This pull request commits the latest official SECURITY.MD file from https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md.
Microsoft teams can learn more about this effort and share feedback within the open source guidance available internally.