Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
1 parent e9ec35f, commit def845e
Showing 1 changed file with 29 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
# SECURITY | ||
|
||
We're *glad* if you want to report a vulnerability! | ||
|
||
If you wish to propose text to explain how to detect and prevent a *kind* | ||
of vulnerability that is already publicly known, please just file a normal | ||
issue and/or pull request. We don't consider that a "vulnerability report" | ||
in the sense that many people use the term. | ||
|
||
In some cases we're the wrong place to report vulnerabilities to: | ||
|
||
* If you wish to report a vulnerability on a specific project that isn't | ||
this project, please don't report that here. Instead, please report the | ||
vulnerability to that project. | ||
* If you wish to report a general vulnerability in edX or the | ||
Linux Foundation Training & Certification platform, please report the | ||
vulnerability to them instead. | ||
|
||
However, in some cases we *do* want you to report a vulnerability to us: | ||
|
||
* If you wish to report a vulnerability in this *specific* course | ||
as supported by the Linux Foundation (via edX or the Linux Foundation | ||
Training & Certification platform). | ||
* If you wish to propose text to explain how to detect and prevent a *kind* | ||
of vulnerability that has *never* been publicly announced or | ||
discussed anywhere. | ||
|
||
If you want to report those kinds of vulnerabilities to us, | ||
please use the GitHub mechanism [privately reporting a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) to this repository. |
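
Review bot: The closing paragraph makes GitHub private vulnerability reporting the only reporting channel and gives no fallback, so a reporter who cannot use that mechanism has nowhere to go. Consider adding a secondary contact, and confirm that private vulnerability reporting is enabled on this repository before merging, since the text depends on it. The second "wrong place" bullet tells readers to report edX or Linux Foundation Training & Certification platform issues "to them instead" without saying where; a link or contact for each would keep those reports from being filed here anyway. It would also help to say what a reporter should expect after submitting (acknowledgement, handling, disclosure), which the file currently leaves out. Minor: the last sentence reads more cleanly as "please use GitHub's mechanism for [privately reporting a security vulnerability](...) to this repository", and that line is not wrapped like the rest of the file.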