cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: house cleaning of the caos name and update sec (#232)

Browse source 
* chore: house cleaning of the caos name and update sec

* some typos

* make fix non breakable

* Update SECURITY.md

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update SECURITY.md

Co-authored-by: Livio Spring <livio.a@gmail.com>

Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Florian Forster 2022-10-17 09:13:54 +02:00 committed by GitHub
parent 4bc4bfffe8
commit 4ac692bfd8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 18 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

11
SECURITY.md
View file

@ -1,6 +1,6 @@
# Security Policy
At CAOS we are extremely grateful for security aware people that disclose vulnerabilities to us and the open source community. All reports will be investigated by our team.
At ZITADEL we are extremely grateful for security aware people that disclose vulnerabilities to us and the open source community. All reports will be investigated by our team.
## Supported Versions
@ -8,12 +8,13 @@ After the initial Release the following version support will apply
| Version | Supported |
| ------- | ------------------ |
| 1.x.x | :white_check_mark: (not yet available) |
| 0.x.x | :x: |
| 1.x.x | :white_check_mark: |
| 2.x.x | :white_check_mark: (not released) |
## Reporting a vulnerability
To file a incident, please disclose by email to security@caos.ch with the security details.
To file a incident, please disclose by email to security@zitadel.com with the security details.
At the moment GPG encryption is no yet supported, however you may sign your message at will.
@ -35,8 +36,8 @@ TBD
## Public Disclosure
All accepted and mitigated vulnerabilitys will be published on the [Github Security Page](https://github.com/zitadel/oidc/security/advisories)
All accepted and mitigated vulnerabilities will be published on the [Github Security Page](https://github.com/zitadel/oidc/security/advisories)
### Timing
We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknown nature of the discloures the time frame can range from 7 to 90 days.
We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknown nature of the disclosures the time frame can range from 7 to 90 days.