From 7e63c52c42d3f19f828693336b6a600c7d7ff0c8 Mon Sep 17 00:00:00 2001 From: Nicklas Larsson Date: Tue, 30 Apr 2024 00:04:48 +0200 Subject: [PATCH] docs: fix security.md linting errors (#3678) --- SECURITY.md | 42 +++++++++++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 11 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index f722250e8c1..feef9649806 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,8 +1,14 @@ # GRASS GIS Security Policy ## Reporting a Vulnerability -At GRASS GIS, we take security vulnerabilities seriously. We appreciate your efforts in responsibly disclosing any issues you may find. To report a security vulnerability, please follow these steps: -1. **Privately disclose the issue** by submitting a Security Advisory through [GitHub Security](https://github.com/OSGeo/grass/security). Please do not create publicly viewable issues for security vulnerabilities. + +At GRASS GIS, we take security vulnerabilities seriously. We appreciate your +efforts in responsibly disclosing any issues you may find. To report a security +vulnerability, please follow these steps: + +1. **Privately disclose the issue** by submitting a Security Advisory through + [GitHub Security](https://github.com/OSGeo/grass/security). Please do not + create publicly viewable issues for security vulnerabilities. 2. **Provide detailed information** regarding the vulnerability, including: - Description of the vulnerability - Steps to reproduce @@ -14,25 +20,39 @@ At GRASS GIS, we take security vulnerabilities seriously. We appreciate your eff - Once confirmed, we will work on a fix and release schedule. 4. **Public Disclosure**: - We aim to release patches for vulnerabilities as soon as possible. - - We will coordinate with you regarding public disclosure, ensuring a reasonable timeline for users to update before the details are made public. - + - We will coordinate with you regarding public disclosure, ensuring a + reasonable timeline for users to update before the details are made public. ## Supported Versions -Please refer to our [Release Schedule](https://trac.osgeo.org/grass/wiki/Release/Schedule) for details on which versions are currently supported. +Please refer to our [Release Schedule](https://trac.osgeo.org/grass/wiki/Release/Schedule) +for details on which versions are currently supported. ## Security Measures -- Code Review: We conduct code reviews to catch potential vulnerabilities during code submission -- Dependency Management: We track dependencies and update them regularly to mitigate known security issues. -- Secure Development Practices: We use a series of security tools to detect potential vulnerabilities in existing and newly submitted code. +- Code Review: We conduct code reviews to catch potential vulnerabilities during + code submission. +- Dependency Management: We track dependencies and update them regularly to + mitigate known security issues. +- Secure Development Practices: We use a series of security tools to detect + potential vulnerabilities in existing and newly submitted code. ## Vulnerability Scope -Our security policy covers vulnerabilities in the GRASS GIS core codebase, official addons, and any official distributions provided by the GRASS GIS team. -While packages in Linux and other unix-like distributions are out of scope of this document, distribution maintainers traditionally do a great job in patching their distributions for security vulnerabilities. Please, refer to a specific distribution or package source if you are using packages for a specific software distribution. +Our security policy covers vulnerabilities in the GRASS GIS core codebase, +official addons, and any official distributions provided by the GRASS GIS team. + +While packages in Linux and other unix-like distributions are out of scope of +this document, distribution maintainers traditionally do a great job in patching +their distributions for security vulnerabilities. Please, refer to a specific +distribution or package source if you are using packages for a specific software +distribution. ## Responsible Disclosure -We adhere to responsible disclosure practices. We appreciate your cooperation in allowing us time to address any reported vulnerabilities before disclosing them publicly. We ask that you refrain from disclosing any details of the vulnerability until we have had adequate time to provide a fix. + +We adhere to responsible disclosure practices. We appreciate your cooperation +in allowing us time to address any reported vulnerabilities before disclosing +them publicly. We ask that you refrain from disclosing any details of the +vulnerability until we have had adequate time to provide a fix. Thank you for helping to keep GRASS GIS secure!