Create SECURITY.md #5
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bmuenzenmeyer
commented
Nov 16, 2022
SECURITY.md
Outdated
|
|
||
| Instead, please report them to the Target Cyber Security team at _____. | ||
|
|
||
| If you prefer to submit without logging in, send an email to _____. If possible, encrypt your message with our PGP key; please download it from _____. |
There was a problem hiding this comment.
opensource@target.com is already the reporting mechanism for code of conduct violations. should it continue to be that in this case, or perhaps security@target.com?
the security mailbox likely has fantastic monitoring in place already, but we need to coordinate
@djsudduth do you have thoughts?
There was a problem hiding this comment.
Agree that the security mailbox would be the appropriate contact mech. Jay L can confirm
There was a problem hiding this comment.
also reached out to our BISO
There was a problem hiding this comment.
I also just now became aware of https://security.target.com/vdp which might be a great place to funnel everyone through - pending some internal alignment
jaylindquist
reviewed
Dec 7, 2022
Co-authored-by: Jay Lindquist <jay.lindquist@gmail.com>
learned about this through our collaboration with security
redundant with VDP docs
jaylindquist
approved these changes
Jan 13, 2023
djsudduth
approved these changes
Jan 20, 2023
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This was given to me by Ryan
Review
I've shared this now with the following stakeholders for review:
Effect
Merging this policy will apply the security policy documentation across all repositories within the organization (unless they have added their own):
right side nav on repos
new issue ui
security policy ui