-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: Add security.md file to solution (#60)
Signed-off-by: Whiteflight <[email protected]>
- Loading branch information
1 parent
e570b7b
commit ca60f02
Showing
1 changed file
with
75 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| <!-- | ||
| SPDX-FileCopyrightText: 2024 Skatteverket - Swedish Tax Agency | ||
| SPDX-License-Identifier: CC0-1.0 | ||
| --> | ||
| # Security Reporting | ||
|
|
||
| If you wish to report a security vulnerability privately, we appreciate your diligence. Please follow the guidelines below to submit your report. | ||
|
|
||
| ## Reporting | ||
|
|
||
| To report a security vulnerability, please provide the following information: | ||
|
|
||
| 1. **PROJECT** | ||
| - Include the URL of the project repository - Example: <https://github.com/open-source-project-template> | ||
|
|
||
| 2. **PUBLIC** | ||
| - Indicate whether this vulnerability has already been publicly discussed or disclosed. | ||
| - If so, provide relevant links. | ||
|
|
||
| 3. **DESCRIPTION** | ||
| - Provide a detailed description of the security vulnerability. | ||
| - Include as much information as possible to help us understand and address the issue. | ||
|
|
||
| Send this information, along with any additional relevant details, to <[email protected]>. | ||
|
|
||
| ## Confidentiality | ||
|
|
||
| We kindly ask you to keep the report confidential until a public announcement is made. | ||
|
|
||
| ## Notes | ||
|
|
||
| - Vulnerabilities will be handled on a best-effort basis. | ||
| - You may request an advance copy of the patched release, but we cannot guarantee early access before the public release. | ||
| - You will be notified via email simultaneously with the public announcement. | ||
| - We will respond within a few weeks to confirm whether your report has been accepted or rejected. | ||
|
|
||
| Thank you for helping to improve the security of our project! | ||
|
|
||
| --- | ||
|
|
||
| ## Säkerhetsrapport | ||
|
|
||
| Om du önskar rapportera en säkerhetssårbarhet privat är vi tacksamma. | ||
| Följ riktlinjerna nedan för att skicka in din rapport. | ||
|
|
||
| ## Rapportera | ||
|
|
||
| För att rapportera en säkerhetssårbarhet, tillhandahåll följande: | ||
|
|
||
| 1. **PROJEKT** | ||
| - Inkludera URL:en till projektet. | ||
|
|
||
| 2. **OFFENTLIG SÅRBARHET** | ||
| - Ange om denna sårbarhet redan har diskuterats eller avslöjats offentligt. | ||
| - Om så är fallet, tillhandahåll relevanta länkar. | ||
|
|
||
| 3. **BESKRIVNING** | ||
| - Ge en detaljerad beskrivning av säkerhetssårbarheten. | ||
| - Inkludera så mycket information som möjligt för att hjälpa oss förstå och åtgärda problemet. | ||
|
|
||
| Skicka denna information, tillsammans med eventuella relevanta detaljer, till <[email protected]>. | ||
|
|
||
| ## Sekretess | ||
|
|
||
| Vi ber vänligen att du håller rapporten konfidentiell tills ett offentligt tillkännagivande görs. | ||
|
|
||
| ## Anteckningar | ||
|
|
||
| - Sårbarheter kommer att hanteras efter bästa förmåga. | ||
| - Du kan begära en förhandsversion av den patchade utgåvan, men vi kan inte garantera tidig åtkomst före den offentliga utgåvan. | ||
| - Du kommer att meddelas via e-post samtidigt som det offentliga tillkännagivandet. | ||
| - Vi kommer att svara inom några veckor för att bekräfta om din rapport har accepterats eller avvisats. | ||
|
|
||
| Tack för att du hjälper till att förbättra säkerheten i vårt projekt! |