some more text
This commit is contained in:
Florian Forster
parent
f73b1b2d7a
commit
e6729a0dba
1 changed files with 9 additions and 3 deletions
12
SECURITY.md
12
SECURITY.md
|
|
@ -17,18 +17,24 @@ To file a incident, please disclose by email to security@caos.ch a list with the
|
|||
|
||||
At the moment GPG encryption is no yet supported, however you may sign your message at will.
|
||||
|
||||
### When should I report a vulnerability?
|
||||
### When should I report a vulnerability
|
||||
|
||||
* You think you discovered a ...
|
||||
* ... potential security vulnerability in the SDK
|
||||
* ... vulnerability in another project that this SDK bases on
|
||||
* For projects with their own vulnerability reporting and disclosure process, please report it directly there
|
||||
|
||||
### When should I NOT report a vulnerability?
|
||||
### When should I NOT report a vulnerability
|
||||
|
||||
* You need help applying security related updates
|
||||
* Your issue is not security related
|
||||
|
||||
## Security Vulnerability Response
|
||||
|
||||
## Public Disclosure Timing
|
||||
## Public Disclosure
|
||||
|
||||
All accepted and mitigated vulnerabilitys will be published on the [Github Security Page](https://github.com/caos/oidc/security/advisories)
|
||||
|
||||
### Timing
|
||||
|
||||
We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknow nature of the discloures the time frame can range from 7 to 90 days.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue