[SECURITY] Add security policy to repo #191 #192

Open
wants to merge 2 commits into
base: master

rishabhRsinghvi

Addition of SECURITY.md

Overview

This change introduces a SECURITY.md file to the repository. The goal is to provide a clear and structured security policy, making it easier for contributors and users to report any security vulnerabilities they might find. This addition addresses Issue #191 and leverages GitHub's new feature for security policies.

Rationale

Ensuring the security of our project is crucial. By adding a SECURITY.md file, we establish a straightforward process for reporting potential security issues. This not only helps us maintain a secure codebase but also shows our commitment to transparency and collaboration.

Details of the Security Policy

  1. Reporting a Vulnerability:

    • Contact Information: If you discover a vulnerability, please report it via email to [email protected].
    • Required Information: When reporting, include detailed steps to reproduce the issue and any potential fixes you might have.
    • Response Time: Our security team commits to acknowledging receipt of the report within 7 days. We'll provide follow-up details on the fix and the expected release timeline.
  2. Supported Versions:

    • We outline which versions of the software are currently supported with security updates.
    • Supported Versions Table:
      • Version 1.x: Supported
      • Version 0.x: Not Supported
  3. Security Updates:

    • We follow best practices for security and will release updates as necessary.
    • Critical security updates will be released immediately to address urgent vulnerabilities.
  4. Further Information:

    • For more information on our security practices, please visit our Security Page.

Benefits

  • Enhanced Security: Provides a clear process for reporting vulnerabilities, which helps us quickly identify and fix security issues.
  • Transparency and Trust: Demonstrates our commitment to maintaining a secure project by openly communicating our security practices and response protocols.
  • Encourages Collaboration: Fosters a secure and collaborative environment by encouraging responsible disclosure from contributors.

Conclusion

Adding the SECURITY.md file is a proactive step towards strengthening the security framework of the Gnosis PM Contracts repository. By clearly outlining the process for reporting vulnerabilities, supported versions, and our update protocols, we aim to ensure a secure and collaborative environment for all contributors and users.
