Task #13139

Add a SECURITY.md file to the AtoM repo with information on how to submit security bug reports

Added by Dan Gillean 2 months ago. Updated 2 months ago.

Status: Verified
Priority: Medium
Assignee: -
Category: Security
Target version: Release 2.5.2
Start date: 08/07/2019
Due date:
% Done: 0%
Google Code Legacy ID:
Tested version:
Sponsored: No
Requires documentation:

Description

In some cases, community users will spot security bugs in AtoM and want to report them for review. However, having publicly reported bug tickets for security issues can cause those security issues to become more well-known, allowing bad actors to potentially exploit the vulnerabilities before a fix is available.

To prevent this, we propose adding a SECURITY.md file to the AtoM repo with steps for reporting suspected security vulnerabilities. This could potentially also include additional considerations for securely deploying AtoM. For reference, see:

Some examples:

Note that GitHub is also introducing support for security advisories for projects (see: https://github.com/artefactual/atom/security/advisories), but it is still in beta.
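An illustrative SECURITY.md of the kind the ticket proposes, added here as an example. It is not the file the AtoM project merged; the contact address, the response-time target and the supported-version table are placeholders to be replaced with the project's real values.

```markdown
# Security Policy

## Reporting a vulnerability

Please do NOT open a public issue for a suspected security vulnerability.
A public ticket makes the flaw easier to find and exploit before a fix ships.

Instead, email a report to security@example.org (placeholder address).
If you want to encrypt the report, ask for a PGP key in a first,
non-sensitive email.

Include in your report:

- the AtoM version (or git commit) you tested against
- a description of the issue and its impact
- step-by-step instructions or a proof of concept to reproduce it
- a suggested fix, if you have one

## What to expect

- We acknowledge receipt within 3 business days (placeholder target).
- We confirm the issue, agree a disclosure date with you and prepare a fix.
- When the fix is released we publish an advisory crediting the reporter,
  unless you prefer to remain anonymous.

Please allow a reasonable time for a fix before disclosing the issue publicly.

## Supported versions

| Version | Supported |
| ------- | --------- |
| 2.5.x   | yes       |
| older   | no        |

(placeholder table: adjust to the releases actually maintained)
```

GitHub picks up a SECURITY.md placed in the repository root, in docs/ or in .github/ and links it from the repository's Security tab, so reporters who land on the GitHub page find the policy without searching the wiki.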

History

#1 Updated by Dan Gillean 2 months ago

  • Status changed from New to In progress
  • Assignee set to Dan Gillean

#3 Updated by Mike Cantelon 2 months ago

  • Status changed from In progress to Feedback

Checked out the PR and didn't spot any issues... nice!

#4 Updated by Dan Gillean 2 months ago

  • Status changed from Feedback to Verified
  • Assignee deleted (Dan Gillean)
