AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update SECURITY.md 

Reword security policy, include an escalation process (forum private discussion)
This commit is contained in:
wrongecho 2023-10-08 20:09:17 +01:00 committed by GitHub
parent f1b017fc46
commit ac51e6a8ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
SECURITY.md
View File

@ -1,5 +1,9 @@
# Security Policy # Security Policy
## **Please do NOT report security concerns/vulnerabilities publicly (Github issues/forum)**
---
## In Beta ## In Beta
ITFlow is currently in beta and is a work in progress. ITFlow is currently in beta and is a work in progress.
@ -14,10 +18,10 @@ We attempt to follow security best practices where possible, including [automate
| ------- | ------------------ | | ------- | ------------------ |
| Beta | :white_check_mark: | | Beta | :white_check_mark: |
## Reporting a Vulnerability ## Reporting a Vulnerability via GitHub Security Advisories
**<ins>Please do not report security vulnerabilities through public GitHub issues.</ins>**
If you have discovered a security issue, please [report it](https://github.com/itflow-org/itflow/security/advisories/new) to us in as much detail as possible, so we can fix it. You should expect to receive an initial acknowledgement within 72 hours.
**Security contact: [GitHub Security Advisories](https://github.com/itflow-org/itflow/security/advisories/new)** **Security contact: [GitHub Security Advisories](https://github.com/itflow-org/itflow/security/advisories/new)**
If you have discovered a security issue, please **[report it](https://github.com/itflow-org/itflow/security/advisories/new)** to us in as much detail as possible, so we can fix it.
You should expect to receive an initial acknowledgement within 72 hours. If you don't receive any feedback, we may have missed the initial email from GitHub (we're human!). Please raise a private forum discussion with johnny and wrongecho quoting ONLY the assigned GHSA ref.