Skip to content

Update outdated SECURITY.md #1677

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update outdated SECURITY.md #1677

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 4 additions & 13 deletions SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,19 +2,10 @@

## Reporting a Security Bug

If you think you have discovered a security issue in any of the Hyperledger projects, we'd love to
hear from you. We will take all security bugs seriously and if confirmed upon investigation we will
patch it within a reasonable amount of time and release a public security bulletin discussing the
impact and credit the discoverer.
If you think you have discovered a security issue in any of the Hyperledger projects, we'd love to hear from you. We will take all security bugs seriously and if confirmed upon investigation we will patch it within a reasonable amount of time and release a public security bulletin discussing the impact and credit the discoverer.

There are two ways to report a security bug. The easiest is to email a description of the flaw and
any related information (e.g. reproduction steps, version) to
[security at hyperledger dot org](mailto:[email protected]).
There are two ways to report a security bug. The easiest is to email a description of the flaw and any related information (e.g. reproduction steps, version) to [security at hyperledger dot org](mailto:[email protected]).

The other way is to file a confidential security bug in our
[JIRA bug tracking system](https://jira.hyperledger.org). Be sure to set the “Security Level” to
“Security issue”.
The other way is to file a confidential security bug in the repository's [security advisories page](https://github.com/hyperledger/firefly/security/advisories). Guidance can be found in the GitHub documentation on [privately reporting a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability).

The process by which the Hyperledger Security Team handles security bugs is documented further in
our [Defect Response page](https://wiki.hyperledger.org/display/SEC/Defect+Response) on our
[wiki](https://wiki.hyperledger.org).
The process by which the Hyperledger Security Team handles security bugs is documented further in our [Defect Response page](https://lf-hyperledger.atlassian.net/wiki/spaces/SEC/pages/20283618/Defect+Response) on our [wiki](https://lf-hyperledger.atlassian.net/wiki).