some more text

This commit is contained in:
Florian Forster 2019-11-15 15:30:02 +01:00
parent f73b1b2d7a
commit e6729a0dba
No known key found for this signature in database
GPG key ID: B03784B4B09FB794

@ -17,18 +17,24 @@ To file a incident, please disclose by email to security@caos.ch a list with the
At the moment GPG encryption is no yet supported, however you may sign your message at will. At the moment GPG encryption is no yet supported, however you may sign your message at will.
### When should I report a vulnerability? ### When should I report a vulnerability
* You think you discovered a ... * You think you discovered a ...
* ... potential security vulnerability in the SDK * ... potential security vulnerability in the SDK
* ... vulnerability in another project that this SDK bases on * ... vulnerability in another project that this SDK bases on
* For projects with their own vulnerability reporting and disclosure process, please report it directly there * For projects with their own vulnerability reporting and disclosure process, please report it directly there
### When should I NOT report a vulnerability? ### When should I NOT report a vulnerability
* You need help applying security related updates * You need help applying security related updates
* Your issue is not security related * Your issue is not security related
## Security Vulnerability Response ## Security Vulnerability Response
## Public Disclosure Timing ## Public Disclosure
All accepted and mitigated vulnerabilitys will be published on the [Github Security Page](https://github.com/caos/oidc/security/advisories)
### Timing
We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknow nature of the discloures the time frame can range from 7 to 90 days.
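
Review bot: The added "### Timing" paragraph gives a range of 7 to 90 days but does not say when that period starts (receipt of the report, acceptance, or availability of a mitigation) or what happens if no mitigation is ready at day 90; state both so reporters know what to expect. The new lines also need a spelling pass before merge: "vulnerabilitys" should be "vulnerabilities", "unknow" should be "unknown", "discloures" should be "disclosures", "Github" should be "GitHub", and "`ASAP` as mitigations are ready" reads better as "as soon as mitigations are ready". The two "When should I ..." headings lose their question mark in this change although they are still phrased as questions; keep the "?" for consistency.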