Commit

Merge pull request #355 from wireapp/ffflorian-patch-1
chore: Fix typos in SECURITY.md
franziskuskiefer committed Aug 20, 2020
2 parents 54d24bb + 25e973b commit c34f8ed
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions SECURITY.md
@@ -1,10 +1,10 @@
# Security Policy

To report a vulnerability see contact details [below](#reporting-a-vulnerability)
To report a vulnerability see contact details [below](#reporting-a-vulnerability).

## Security incident policy
Security bug reports are treated withe special attention and are handled differently from normal bugs.
In particular, security sensitive bugs are not handled on public issue trackers on Github or other company-wide accessible tools but in a private bug tracker.
Security bug reports are treated with special attention and are handled differently from normal bugs.
In particular, security sensitive bugs are not handled on public issue trackers on GitHub or other company-wide accessible tools but in a private bug tracker.
Information about the bug and access to it is restricted to people in the security bug group, the individual engineers that work on fixing it, and any other person who needs to be involved for organisational reasons.
The process is handled by the security team, which decides on the people involved in order to fix the issue.
It is also guaranteed that the person reporting the issue has visibility into the process of fixing it.
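Review bot: the rewritten sentence "In particular, security sensitive bugs are not handled on public issue trackers on GitHub ..." still leaves the compound modifier unhyphenated; since the line is already being touched, change it to "security-sensitive bugs". The first changed line would also read better with a comma after the introductory clause: "To report a vulnerability, see contact details ...".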
@@ -15,9 +15,9 @@ The issue might not be public at the time of the release, depending on the agree

## Tracking security issues
Security issues are tracked on an internal vulnerabilities project that can only be accessed by a small number of people.
Once a security issue is triaged and the appropriate code repository is identified, a draft security advisory is created on the corresponding Github repository.
Once a security issue is triaged and the appropriate code repository is identified, a draft security advisory is created on the corresponding GitHub repository.
This gives the corresponding team access to the vulnerability and allows to involve all people necessary to fix the issue.
Once the issue has been fixed and the embargo ends the advisory is published to the Github advisory database.
Once the issue has been fixed and the embargo ends the advisory is published to the GitHub advisory database.

## Post mortems
Any security issues must be followed by a post mortem to analyze the cause and resolution for the incident.
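Review bot: in the last changed line of the "Tracking security issues" section, "Once the issue has been fixed and the embargo ends the advisory is published" needs a comma after "ends", and the product name is capitalised as "GitHub Advisory Database". The unchanged line between the two edits, "allows to involve all people necessary to fix the issue", is still ungrammatical; suggest "makes it possible to involve everyone needed to fix the issue" in the same typo pass.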