From a303f2cae0ca4b6fc516824f6d510de012fc017a Mon Sep 17 00:00:00 2001 From: bmortier <benoit.mortier@fusiondirectory.org> Date: Sun, 3 Jan 2021 21:32:37 +0000 Subject: [PATCH] Merge branch '6139-add-a-security-md-for-github-compliance' into '1.3-fixes' Resolve "Add a security.md for github compliance" See merge request fusiondirectory/fd!851 (cherry picked from commit c7179df2886fe6013b0c7574bfc77c2fa5ca4c0f) 8d360d85 :sparkles: feat(github-security) Add a security.md for github compliance --- SECURITY.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..6eb0a87ed --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,22 @@ +### Reporting Security Vulnerabilities + +Although we try to be proactive in preventing security concerns, it is unfortunately inevitable that security breaches will be discovered in all software, including our own. + +It is common practice in open source to disclose a security concern to the vendor in a responsible and private manner prior to publication, so that a patch can be prepared, and so that we can take proactive measures to protect FusionDirectory users. + +### What is a “security†issue ? + +A security issue is a type of bug that can affect the security of FusionDirectory installations. + +Specifically, it is a report of a bug that you have found in the code for FusionDirectory and that you have determined can be used to gain some level of access to a site running FusionDirectory that you should not have. + +### Where do I report security issues ? + +If you would like to contact us with a security vulnerability or possible vulnerability, please contact us via email [security@fusiondirectory.org](mailto:security@fusiondirectory.org). + +Your email can be signed with the following public gpg key : + +Benoit Mortier : **32BA 180F 6E14 7B5F 52BE 6322 EF2F F1E4 8638 EAD1** + +**In any case, you should not share details with anyone else until the bug fix has been officially released.** + -- GitLab
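Review bot: In the "Where do I report security issues ?" section, the line "Your email can be signed with the following public gpg key" names the wrong operation. A reporter signs with their own private key and encrypts to the recipient's public key, so as written the text does not tell reporters how to keep vulnerability details confidential in transit. Suggest "Your email can be encrypted with the following public GPG key", and state where the key can be fetched, since only the fingerprint is given. The file also sets no expectation for when a report will be acknowledged or fixed, which matters because the closing line asks reporters to withhold details until the fix is officially released.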