Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix #743, Create OSAL Security Policy Markdown #696

Merged
merged 1 commit into from
Jan 21, 2021
Merged

Fix #743, Create OSAL Security Policy Markdown #696

merged 1 commit into from
Jan 21, 2021

Conversation

ArielSAdamsNASA
Copy link
Contributor

@ArielSAdamsNASA ArielSAdamsNASA commented Dec 17, 2020

Describe the contribution
Fixes #743
Created a draft of a security policy markdown file for OSAL. The purpose of a security policy is to inform users on how to submit bugs or vulnerabilities. It is ideal to include a section for supported versions.

Additional context
Optional sections that may be included:

  • What to expect security-wise such as what type of testing is done
  • Address privacy concerns
  • Supported versions
  • License
  • Known vulnerabilities

References to Public Security Policies:
https://github.com/thanos-io/thanos/security/policy
https://github.com/minhealthnz/nzcovidtracer-app/security/policy
https://github.com/odoo/odoo/security/policy

Contributor Info - All information REQUIRED for consideration of pull request
Ariel Adams, ASRC Federal

@ArielSAdamsNASA ArielSAdamsNASA added the CCB:Ready Pull request is ready for discussion at the Configuration Control Board (CCB) label Jan 5, 2021
@ArielSAdamsNASA ArielSAdamsNASA changed the title Created OSAL Security Policy Markdown Draft Create OSAL Security Policy Markdown Jan 6, 2021
@ArielSAdamsNASA ArielSAdamsNASA changed the title Create OSAL Security Policy Markdown Fix #743 Create OSAL Security Policy Markdown Jan 6, 2021
@astrogeco astrogeco added CCB-20210106 and removed CCB:Ready Pull request is ready for discussion at the Configuration Control Board (CCB) labels Jan 6, 2021
Copy link
Contributor

@astrogeco astrogeco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Follow similar format for cFS and other submodules

SECURITY.md Outdated

## Reporting a Vulnerability

To report a vulnerability, submit the issue via Github in the subsystem it applies to.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Swap the first two lines and combine them as so

To report a vulnerability for the Operating System Abstraction Layer (OSAL) please [submit an issue](URL to issue)
For general cFS vulnerabilities please [open a cFS framework issue](URL to open an issue at the bundle level) and see our [top-level security policy](URL to cFS-bundle security.md)

I think we can leave the "other subsystem" part out since they'll see that if they navigate to the bundle repo.

SECURITY.md Outdated

## Additional Support

For additional support, reach out to cfs-community@lists.nasa.gov. This mailing list includes all community members/users of the NASA core Flight Software (cFS) product line.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace "reach out" with "email us at"

Swap cfs-community@lists.nasa.gov with cfs-program@lists.nasa.gov since the community list will bounce messages from non-members.

Keep the community mailing list sentence and add the clause "For help using OSAL and cFS"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@astrogeco Please let me know if the changes meets your requests. I will then apply the same format to cFS and other submodules.

@astrogeco astrogeco marked this pull request as draft January 14, 2021 15:23
@ArielSAdamsNASA ArielSAdamsNASA changed the title Fix #743 Create OSAL Security Policy Markdown Fix #743, Create OSAL Security Policy Markdown Jan 14, 2021
@ArielSAdamsNASA ArielSAdamsNASA marked this pull request as ready for review January 14, 2021 20:00
@astrogeco astrogeco changed the base branch from main to integration-candidate January 21, 2021 14:41
@astrogeco astrogeco merged commit e453e2f into nasa:integration-candidate Jan 21, 2021
@skliper skliper added this to the 6.0.0 milestone Sep 24, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Implement a Security Policy
4 participants