Create a Security Policy #415

Merged
merged 1 commit into from Mar 25, 2023

joycebrum
Contributor

@joycebrum joycebrum commented Mar 21, 2023

Closes #414

I've created the SECURITY.md file considering vulnerability reporting through security advisories, which is a new GitHub feature that is still in beta and has to be enabled.

If you're interested in GitHub's feature, it must be activated for the repository:

  1. Open the repo's settings
  2. Click on Code security & analysis
  3. Click "Enable" for "Private vulnerability reporting (Beta)"

If you'd rather not enable it, there is also the possibility to receive the vulnerability report through an email; in this case just let me know which email it would be and I'll submit the change.

Besides that, feel free to edit or suggest any changes to this document; it is supposed to reflect the amount of effort the team can offer to handle vulnerabilities.

Signed-off-by: Joyce <joycebrum@google.com>
@josephlr
Contributor

@phil-opp @Freax13 this seems like a reasonable policy to me. Do we want to do reporting via email or through GitHub? I've never used the GitHub vulnerability reporting system before, but I'd be willing to give it a shot.

@Freax13
Contributor

Freax13 commented Mar 22, 2023

> @phil-opp @Freax13 this seems like a reasonable policy to me.

agreed.

> Do we want to do reporting via email or through GitHub? I've never used the GitHub vulnerability reporting system before, but I'd be willing to give it a shot.

sure, sounds good to me!

@phil-opp
Member

Thanks for submitting!

Sounds like we all agree that the proposed policy is reasonable and that we're open to trying out GitHub's private vulnerability reporting. I just enabled it for this repo.

@phil-opp phil-opp merged commit d2c6dce into rust-osdev:master Mar 25, 2023
12 checks passed