Update outdated SECURITY.md #1677
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: alexey semenyuk <[email protected]>
|
@EnriqueL8 minor update |
|
@alex-semenyuk this is good but let's use this file https://github.com/LF-Decentralized-Trust/governance/blob/f0c1a4a6dfbef360ec92627d7e5003480b199195/tac/governing-documents/SAMPLE-SECURITY.md please |
Signed-off-by: alexey semenyuk <[email protected]>
alex-semenyuk
commented
Jul 2, 2025
SECURITY.md
Outdated
| The current Hyperledger Firefly security team is: | ||
|
|
||
| | Name | Email ID | Discord ID | Area/Specialty | | ||
| | ---------------- | ------------------ | ---------- | --------------- | |
There was a problem hiding this comment.
@EnriqueL8 Could you please help with filling this
There was a problem hiding this comment.
ah yeah okay, will raise at the community call to see who wants to be part of it. You can at least put my name down
Signed-off-by: alexey semenyuk <[email protected]>
EnriqueL8
reviewed
Sep 10, 2025
|
|
||
| ## (GitHub) Security Advisories | ||
|
|
||
| Hyperledger Firefly uses GitHub Security Advisories to manage the public |
There was a problem hiding this comment.
Suggested change
| Hyperledger Firefly uses GitHub Security Advisories to manage the public | |
| Hyperledger FireFly uses GitHub Security Advisories to manage the public |
Comment on lines
+120
to
+126
| - Email the [LF Decentralized Trust Foundation security | ||
| list](mailto:[email protected]): To report a security issue, please | ||
| send an email with the name of the project/repository, a description of the issue, the | ||
| steps you took to create the issue, affected versions, and if known, | ||
| mitigations. If in triaging the email, the security team determines the issue may be | ||
| a security vulnerability, a [GitHub security vulnerability report] will be | ||
| opened. |
There was a problem hiding this comment.
FYI @ryjones is this is still the correct process?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed changes
Update outdated SECURITY.md to sync with other LF repos, since some of links outdated. Also it helps to fix Security-Policy issue slightly improving score openssf scorecard
Types of changes
Please make sure to follow these points
Screenshots (If Applicable)
Other Information