[PATCH] SECURITY: Permit vulnerability reports also via github

Jan Kiszka

Feb 4, 2023, 8:06:36 AM
to efibootguard-dev
From: Jan Kiszka <jan.k...@siemens.com>

This adds reporting vulnerabilities via the new github channel. The
email channel is kept as an alternative.

Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---
SECURITY.md | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 7435af6..e5e416a 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -22,11 +22,12 @@ Guard code.
## Reporting a Vulnerability

Please DO NOT report any potential security vulnerability via a public channel
-(mailing list, github issue etc.). Instead, contact the maintainers
-jan.k...@siemens.com and christi...@siemens.com via email directly.
-Please provide a detailed description of the issue, the steps to reproduce it,
-the affected versions and, if already available, a proposal for a fix. You
-should receive a response withing 5 working days. If the issue is confirmed as
-a vulnerability by us, we will open a Security Advisory on github and give
-credits for your report if desired. This project follows a 90 day disclosure
-timeline.
+(mailing list, github issue etc.). Instead, create a report via
+https://github.com/siemens/efibootguard/security/advisories/new or contact the
+maintainers jan.k...@siemens.com and christi...@siemens.com via email
+directly. Please provide a detailed description of the issue, the steps to
+reproduce it, the affected versions and, if already available, a proposal for a
+fix. You should receive a response within 5 working days. If the issue is
+confirmed as a vulnerability by us, we will open a Security Advisory on github
+and give credits for your report if desired. This project follows a 90 day
+disclosure timeline.
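Review bot: The rewritten "Reporting a Vulnerability" paragraph now names two private channels, the advisory form and direct email, without saying which one the maintainers prefer, and the email alternative still gives no PGP key or other way to encrypt a report. Suggest stating the preferred channel explicitly (for example "Preferably, create a report via ...") and either referencing a key for the email path or asking reporters to put sensitive details into the advisory form. The hunk also corrects "withing" to "within", which the commit message does not mention; one line there would make the change easier to audit. Minor style points in the added lines: "github" should be "GitHub" and "90 day disclosure timeline" should be "90-day disclosure timeline".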
--
2.35.3