-
Notifications
You must be signed in to change notification settings - Fork 150
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Adds SECURITY.md similar to h2o version - Adds Github Issue Template - Adds a section on reporting security issues to README.md
- Loading branch information
Showing
3 changed files
with
20 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| --- | ||
| name: File an issue | ||
| about: For all non-security issues | ||
| title: '' | ||
| labels: '' | ||
| assignees: '' | ||
|
|
||
| --- | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -80,3 +80,7 @@ License | |
|
|
||
| The software is provided under the MIT license. | ||
| Note that additional licences apply if you use the minicrypto binding (see above). | ||
|
|
||
| Reporting Security Issues | ||
| --- | ||
| Please report vulnerabilities to [email protected]. See [SECURITY.md](SECURITY.md) for more information. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| ## Report a security issue | ||
|
|
||
| The h2o/picotls project team welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via [email protected]. | ||
|
|
||
| ## Security advisories | ||
|
|
||
| Remediation of security vulnerabilities is prioritized by the project team. The project team endeavors to coordinate remediation with third-party stakeholders, and is committed to transparency in the disclosure process. The picotls/h2o team announces security issues via [h2o project Github Release notes](https://github.com/h2o/h2o/releases) as well as [the h2o website](h2o.examp1e.net) on a best-effort basis. |