Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add a security policy for Haystack #3130

Merged
merged 3 commits into from
Sep 2, 2022
Merged

feat: add a security policy for Haystack #3130

merged 3 commits into from
Sep 2, 2022

Conversation

masci
Copy link
Contributor

@masci masci commented Sep 1, 2022
edited
Loading

Related Issues

  • n/a

Proposed Changes:

After setting up an incident response process internally, we're ready to publish a Security Policy for Haystack

Checklist

@masci masci added the type:feature New feature or request label Sep 1, 2022
@masci masci requested review from a team as code owners September 1, 2022 08:01
@masci masci requested review from bogdankostic and removed request for a team September 1, 2022 08:01
@masci masci force-pushed the massi/security-policy branch from 02a0170 to ba85be1 Compare September 1, 2022 08:35
agnieszka-m
agnieszka-m requested changes Sep 1, 2022
View reviewed changes
SECURITY.md Outdated Show resolved Hide resolved
SECURITY.md Outdated Show resolved Hide resolved
SECURITY.md Outdated Show resolved Hide resolved
SECURITY.md Outdated Show resolved Hide resolved
SECURITY.md Outdated Show resolved Hide resolved
SECURITY.md Outdated Show resolved Hide resolved
SECURITY.md Outdated Show resolved Hide resolved
SECURITY.md Outdated Show resolved Hide resolved
SECURITY.md Outdated

We will keep the reporter updated as the security issue moves through our process.

Our goal is to disclose bugs as soon as possible once a user mitigation is available. We
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here we're saying that we want to disclose bugs but only after we have a user mitigation. And if we don't have a user mitigation, we won't disclose bugs. Is this what we want to say?

Copy link
Contributor Author

@masci masci Sep 1, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea is if we fix the bug, we disclose it right ahead. If we don't, the researcher has the right to eventually disclose it anyways but we would appreciate coordination.

SECURITY.md Outdated Show resolved Hide resolved
@masci masci requested a review from agnieszka-m September 1, 2022 13:13
@masci masci merged commit b07fcb7 into main Sep 2, 2022
@masci masci deleted the massi/security-policy branch September 2, 2022 10:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@agnieszka-m agnieszka-m agnieszka-m approved these changes

@bogdankostic bogdankostic bogdankostic approved these changes

Assignees
No one assigned
Labels
type:feature New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@masci @bogdankostic @agnieszka-m