Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: add SECURITY.md Vulnerability Disclosure Policy #5351

Merged

Conversation

seandiggity
Copy link
Contributor

Add Tari Vulnerability Disclosure Policy

Description

Added SECURITY.md for publishing of Tari Vulnerability Disclosure Policy

Motivation and Context

A SECURITY.md file is best practice for informing security researchers about a Vulnerability Disclosure Policy and bug bounty rewards. See: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository

How Has This Been Tested?

Tari Labs review and comparison with Monero Project Vulnerability Response Process

What process can a PR reviewer use to test or verify this change?

n/a

Breaking Changes

  • None
  • Requires data directory on base node to be deleted
  • Requires hard fork
  • Other - Please specify

Add Tari Vulnerability Disclosure Policy
Copy link
Collaborator

@CjS77 CjS77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. This is much needed. Made a few comments.

SECURITY.md Outdated Show resolved Hide resolved
SECURITY.md Outdated Show resolved Hide resolved
SECURITY.md Outdated Show resolved Hide resolved
@ghpbot-tari-project ghpbot-tari-project added P-acks_required Process - Requires more ACKs or utACKs P-reviews_required Process - Requires a review from a lead maintainer to be merged labels Apr 24, 2023
seandiggity and others added 3 commits April 24, 2023 11:26
Co-authored-by: Cayle Sharrock <CjS77@users.noreply.github.com>
Co-authored-by: Cayle Sharrock <CjS77@users.noreply.github.com>
Additional clarification in regard to Yat bug bounty program
Copy link
Contributor Author

@seandiggity seandiggity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed and updated with 60-day timeline

@seandiggity seandiggity changed the title Create SECURITY.md fix: Add SECURITY.md Vulnerability Disclosure Policy Apr 24, 2023
@seandiggity seandiggity changed the title fix: Add SECURITY.md Vulnerability Disclosure Policy fix: add SECURITY.md Vulnerability Disclosure Policy Apr 24, 2023
@seandiggity
Copy link
Contributor Author

This fixes #4141

Copy link
Collaborator

@SWvheerden SWvheerden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this was much needed

@ghpbot-tari-project ghpbot-tari-project removed the P-reviews_required Process - Requires a review from a lead maintainer to be merged label Apr 25, 2023
@CjS77 CjS77 added the P-merge Process - Queued for merging label Apr 26, 2023
@CjS77
Copy link
Collaborator

CjS77 commented Apr 26, 2023

👍

@ghpbot-tari-project ghpbot-tari-project removed the P-acks_required Process - Requires more ACKs or utACKs label Apr 26, 2023
@ghpbot-tari-project ghpbot-tari-project merged commit 72daaf5 into tari-project:development Apr 26, 2023
@seandiggity seandiggity deleted the security-policy branch April 26, 2023 16:40
SWvheerden added a commit that referenced this pull request May 8, 2023
##
[0.50.0-pre.1](v0.50.0-pre.0...v0.50.0-pre.1)
(2023-05-08)


### Features

* add miner timeout config option
([5331](#5331))
([aea14f6](aea14f6))
* chat ffi ([5349](#5349))
([f7cece2](f7cece2))
* chat scaffold
([5244](#5244))
([5b09f8e](5b09f8e))
* improve message encryption
([5288](#5288))
([7a80716](7a80716))
* **p2p:** allow listener bind to differ from the tor forward address
([5357](#5357))
([857fb55](857fb55))


### Bug Fixes

* add SECURITY.md Vulnerability Disclosure Policy
([5351](#5351))
([72daaf5](72daaf5))
* added missing log4rs features
([5356](#5356))
([b9031bb](b9031bb))
* allow public addresses from command line
([5303](#5303))
([349ac89](349ac89))
* clippy issues with config
([5334](#5334))
([026f0d5](026f0d5))
* default network selection
([5333](#5333))
([cf4b2c8](cf4b2c8))
* make the first output optional in the wallet
([5352](#5352))
([bf16140](bf16140))
* remove wallet panic
([5338](#5338))
([536d16d](536d16d))
* wallet .h file for lib wallets
([5330](#5330))
([22a3a17](22a3a17))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
P-merge Process - Queued for merging
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants