@@ -25,7 +25,7 @@ Please include as many details as needed to clearly qualify the issue:
a. **Rejection**: If the team rejects the report, detailed explanations will be provided by email or commenting on the relevant issue and the latter will be made public and closed as `Won't fix`.
-
b. **Acceptance**: If the team accepts the report, a CVE identifier will be requested through GitHub and a [private fork](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability) opened to work on a fix to the issue.
+
b. **Acceptance**: If the team accepts the report, a CVE identifier will be requested through GitHub and a [private fork](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability)will be opened to work on a fix to the issue.
3.**Resolution**: The team works to resolve the vulnerability in a timely manner. The timeline for resolution will depend on the complexity and severity of the vulnerability, but we will strive to address critical vulnerabilities as quickly as possible.
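Review bot: the new line in this hunk drops the space between the link and the verb, so the text renders as "...vulnerability)will be opened"; change it to `...repository-security-vulnerability) will be opened to work on a fix to the issue.` The change from "opened" to "will be opened" itself reads correctly and matches the tense of the rest of the sentence.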
@@ -37,11 +37,11 @@ Please include as many details as needed to clearly qualify the issue:
b. **Fix**: When a fix is available and approved, it should be merged and made available as quickly as possible:
-
- All commits to the private repository are squashed into a single commit whose description _should not_ make any reference it relates to a security vulnerability
+
- All commits to the private repository are squashed into a single commit whose description _should not_ make any reference that it relates to a security vulnerability
- A new Pull Request is created with this single commit
- This PR's review and merging is expedited as all the work has already been done
-
6.**Release**: The team creates and publishes a release that includes the fix
+
6.**Release**: The team creates and publishes a release that includes the fix.
7.**Announcement**: Concomitant to the release announcement, the team announces the security vulnerability by making the GitHub issue public. This is the first point that any information regarding the vulnerability is made public.
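Review bot: since the `6.**Release**` line is already being touched to add the trailing period, also add the space after the list marker (`6. **Release**: ...`); without it Markdown does not recognise the line as an ordered-list item, and the same applies to the unchanged `3.**Resolution**` and `7.**Announcement**` context lines in this file. The wording fix on the squash-commit bullet ("make any reference that it relates to a security vulnerability") is correct and keeps the intent that the commit description must not disclose the security nature of the change before the announcement.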
@@ -63,7 +63,7 @@ We will not pursue legal action against individuals who report security vulnerab
## Contact Information
-
To report a security vulnerability, please use [GitHub form](https://github.com/IntersectMBO/cardano-ledger/security/advisories/new). Should you experience any issues reporting via GitHub or have other questions, please contact [Security](security@intersectmbo.org).
+
To report a security vulnerability, please use the [GitHub security advisory form](https://github.com/IntersectMBO/cardano-ledger/security/advisories/new). Should you experience any issues reporting via GitHub or have other questions, please contact [security@intersectmbo.org](mailto:security@intersectmbo.org).