-
Notifications
You must be signed in to change notification settings - Fork 217
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix #743, Create OSAL Security Policy Markdown #696
Fix #743, Create OSAL Security Policy Markdown #696
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Follow similar format for cFS and other submodules
SECURITY.md
Outdated
|
||
## Reporting a Vulnerability | ||
|
||
To report a vulnerability, submit the issue via Github in the subsystem it applies to. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Swap the first two lines and combine them as so
To report a vulnerability for the Operating System Abstraction Layer (OSAL) please [submit an issue](URL to issue)
For general cFS vulnerabilities please [open a cFS framework issue](URL to open an issue at the bundle level) and see our [top-level security policy](URL to cFS-bundle security.md)
I think we can leave the "other subsystem" part out since they'll see that if they navigate to the bundle repo.
SECURITY.md
Outdated
|
||
## Additional Support | ||
|
||
For additional support, reach out to cfs-community@lists.nasa.gov. This mailing list includes all community members/users of the NASA core Flight Software (cFS) product line. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Replace "reach out" with "email us at"
Swap cfs-community@lists.nasa.gov
with cfs-program@lists.nasa.gov
since the community list will bounce messages from non-members.
Keep the community mailing list sentence and add the clause "For help using OSAL and cFS"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@astrogeco Please let me know if the changes meets your requests. I will then apply the same format to cFS and other submodules.
Describe the contribution
Fixes #743
Created a draft of a security policy markdown file for OSAL. The purpose of a security policy is to inform users on how to submit bugs or vulnerabilities. It is ideal to include a section for supported versions.
Additional context
Optional sections that may be included:
References to Public Security Policies:
https://github.com/thanos-io/thanos/security/policy
https://github.com/minhealthnz/nzcovidtracer-app/security/policy
https://github.com/odoo/odoo/security/policy
Contributor Info - All information REQUIRED for consideration of pull request
Ariel Adams, ASRC Federal