Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create security.md #253

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Create security.md #253

wants to merge 5 commits into from

Conversation

d-a-v-i--
Copy link

new page to explain a process how to report vulnerabilities and what advisories will look like

matthieubosquet
matthieubosquet reviewed Mar 5, 2021
View reviewed changes
security.md Outdated Show resolved Hide resolved
matthieubosquet
matthieubosquet reviewed Mar 5, 2021
View reviewed changes
security.md Outdated Show resolved Hide resolved
matthieubosquet
matthieubosquet reviewed Mar 5, 2021
View reviewed changes
security.md
Risk is determined through internal scoring using CVSSv3.1 (https://www.first.org/cvss/calculator/3.1).

### Security Advisories
Notifications and descriptions of security incidents are available here.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be clear, at loss of a better solution, are you recommended that the list of Security Advisories related to Solid will be currated manually as a list:

  • inside this present document; or;
  • in an external security-advisories.md?

I would probably have a slight preference for the latter.

TallTed
TallTed reviewed Mar 5, 2021
View reviewed changes
security.md Outdated
Comment on lines 4 to 5
info@solidproject.org
Submit an issue to our team on github
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure which repo these issues belong on.

Suggested change
info@solidproject.org
Submit an issue to our team on github
Please submit any issues to [our team on github](needs_the_repo/issues/), or email <info@solidproject.org>.

TallTed
TallTed reviewed Mar 5, 2021
View reviewed changes
security.md Outdated Show resolved Hide resolved
TallTed
TallTed reviewed Mar 5, 2021
View reviewed changes
security.md Outdated
* Accessing, or attempting to access, data or information that does not belong to you
* Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you

Software often contains third party or open source libraries and binaries. Prior to submitting a request to validate how a security issue in third party components may impact Solid, please review the section on third party CVE handling.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Software often contains third party or open source libraries and binaries. Prior to submitting a request to validate how a security issue in third party components may impact Solid, please review the section on Handling Third Party CVE (Common Vulnerabilities and Exposures).

TallTed
TallTed reviewed Mar 5, 2021
View reviewed changes
security.md Outdated Show resolved Hide resolved
TallTed
TallTed reviewed Mar 5, 2021
View reviewed changes
security.md
Risk is determined through internal scoring using CVSSv3.1 (https://www.first.org/cvss/calculator/3.1).

### Security Advisories
Notifications and descriptions of security incidents are available here.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Notifications and descriptions of security incidents are available here.
Notifications and descriptions of security incidents are available [here](needs_a_link_to_document_or_directory).

TallTed
TallTed reviewed Mar 5, 2021
View reviewed changes
security.md
### Security Advisories
Notifications and descriptions of security incidents are available here.

Security Advisories and other security content are provided on an "as is" basis and do not imply any kind of guarantee or warranty. Your use of the information in these publications or linked material is at your own risk. Inrupt reserves the right to change or update this content without notice at any time.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Inrupt.com? Or solidproject.org? This document is starting to exhibit a split personality...

timea-solid and others added 4 commits January 24, 2023 22:49
@timea-solid @matthieubosquet
Update security.md
f68c8b7 
Co-authored-by: Matthieu Bosquet <matthieubosquet@gmail.com>
@timea-solid @matthieubosquet
Update security.md
f51dcc1 
Co-authored-by: Matthieu Bosquet <matthieubosquet@gmail.com>
@timea-solid @TallTed
Update security.md
351dd5b 
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
@timea-solid @TallTed
Update security.md
515177c 
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TallTed TallTed TallTed left review comments

@matthieubosquet matthieubosquet matthieubosquet left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@d-a-v-i-- @matthieubosquet @TallTed @timea-solid