cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

small changes

Browse source
This commit is contained in:
Florian Forster 2019-11-18 15:50:04 +01:00
parent e6729a0dba
commit ce1a54ad19
No known key found for this signature in database
GPG key ID: B03784B4B09FB794
1 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
SECURITY.md
View file

@ -1,6 +1,6 @@
# Security Policy
At @caos we are extremely grateful for security aware people that disclose vulnerabilities to us and the Open Source Community. All reports are thoroughly investigated by our engineering team.
At @caos we are extremely grateful for security aware people that disclose vulnerabilities to us and the open source community. All reports will be investigated by our team.
## Supported Versions
@ -13,7 +13,7 @@ After the initial Release the following version support will aplly
## Reporting a vulnerability
To file a incident, please disclose by email to security@caos.ch a list with the security details.
To file a incident, please disclose by email to security@caos.ch with the security details.
At the moment GPG encryption is no yet supported, however you may sign your message at will.
@ -31,10 +31,12 @@ At the moment GPG encryption is no yet supported, however you may sign your mess
## Security Vulnerability Response
TBD
## Public Disclosure
All accepted and mitigated vulnerabilitys will be published on the [Github Security Page](https://github.com/caos/oidc/security/advisories)
### Timing
We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknow nature of the discloures the time frame can range from 7 to 90 days.
We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknown nature of the discloures the time frame can range from 7 to 90 days.