docs: fix security.md linting errors #3678

Merged
merged 1 commit into from
Apr 29, 2024
42 changes: 31 additions & 11 deletions SECURITY.md
@@ -1,8 +1,14 @@
# GRASS GIS Security Policy

## Reporting a Vulnerability
At GRASS GIS, we take security vulnerabilities seriously. We appreciate your efforts in responsibly disclosing any issues you may find. To report a security vulnerability, please follow these steps:
1. **Privately disclose the issue** by submitting a Security Advisory through [GitHub Security](https://github.com/OSGeo/grass/security). Please do not create publicly viewable issues for security vulnerabilities.

At GRASS GIS, we take security vulnerabilities seriously. We appreciate your
efforts in responsibly disclosing any issues you may find. To report a security
vulnerability, please follow these steps:

1. **Privately disclose the issue** by submitting a Security Advisory through
[GitHub Security](https://github.com/OSGeo/grass/security). Please do not
create publicly viewable issues for security vulnerabilities.
2. **Provide detailed information** regarding the vulnerability, including:
- Description of the vulnerability
- Steps to reproduce
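Review bot: the only reporting channel this hunk leaves in place is a GitHub Security Advisory, and the same step tells reporters not to open public issues, so a reporter without a GitHub account (or one who cannot use the advisory form) has no documented way to reach the team privately; consider adding a fallback contact (for example a security mailbox or a PGP key) to step 1. The rewrap itself is fine: the paragraph and the first list item are split at sentence boundaries and the wording is unchanged from the deleted lines.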
Expand All @@ -14,25 +20,39 @@ At GRASS GIS, we take security vulnerabilities seriously. We appreciate your eff
- Once confirmed, we will work on a fix and release schedule.
4. **Public Disclosure**:
- We aim to release patches for vulnerabilities as soon as possible.
- We will coordinate with you regarding public disclosure, ensuring a reasonable timeline for users to update before the details are made public.

- We will coordinate with you regarding public disclosure, ensuring a
reasonable timeline for users to update before the details are made public.

## Supported Versions
Please refer to our [Release Schedule](https://trac.osgeo.org/grass/wiki/Release/Schedule) for details on which versions are currently supported.

Please refer to our [Release Schedule](https://trac.osgeo.org/grass/wiki/Release/Schedule)
for details on which versions are currently supported.

## Security Measures
- Code Review: We conduct code reviews to catch potential vulnerabilities during code submission
- Dependency Management: We track dependencies and update them regularly to mitigate known security issues.
- Secure Development Practices: We use a series of security tools to detect potential vulnerabilities in existing and newly submitted code.

- Code Review: We conduct code reviews to catch potential vulnerabilities during
code submission.
- Dependency Management: We track dependencies and update them regularly to
mitigate known security issues.
- Secure Development Practices: We use a series of security tools to detect
potential vulnerabilities in existing and newly submitted code.

## Vulnerability Scope
Our security policy covers vulnerabilities in the GRASS GIS core codebase, official addons, and any official distributions provided by the GRASS GIS team.

While packages in Linux and other unix-like distributions are out of scope of this document, distribution maintainers traditionally do a great job in patching their distributions for security vulnerabilities. Please, refer to a specific distribution or package source if you are using packages for a specific software distribution.
Our security policy covers vulnerabilities in the GRASS GIS core codebase,
official addons, and any official distributions provided by the GRASS GIS team.

While packages in Linux and other unix-like distributions are out of scope of
this document, distribution maintainers traditionally do a great job in patching
their distributions for security vulnerabilities. Please, refer to a specific
distribution or package source if you are using packages for a specific software
distribution.

## Responsible Disclosure
We adhere to responsible disclosure practices. We appreciate your cooperation in allowing us time to address any reported vulnerabilities before disclosing them publicly. We ask that you refrain from disclosing any details of the vulnerability until we have had adequate time to provide a fix.

We adhere to responsible disclosure practices. We appreciate your cooperation
in allowing us time to address any reported vulnerabilities before disclosing
them publicly. We ask that you refrain from disclosing any details of the
vulnerability until we have had adequate time to provide a fix.

Thank you for helping to keep GRASS GIS secure!
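Review bot: "Please, refer to a specific distribution or package source" in the Vulnerability Scope paragraph keeps the stray comma after "Please" from the old line; since this PR is already rewrapping that paragraph, drop the comma ("Please refer to ...") and consider "Unix-like" rather than "unix-like" in the same sentence. Separately, the Responsible Disclosure section asks reporters to hold details "until we have had adequate time to provide a fix" without stating any acknowledgement window or maximum embargo, and the Public Disclosure step above only promises a "reasonable timeline"; a concrete target (even an approximate one) would give reporters something to plan against and would remove the ambiguity about when independent disclosure becomes acceptable.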