docs: Update osquery security policy (#6425)

Teddy Reed 2020-05-08 22:16:34 -04:00 committed by GitHub
parent e237619db2
commit 34c8ac302a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 8 deletions


@ -108,13 +108,6 @@ We keep track of security announcements in our tagged version release
notes on GitHub. We aggregate these into [SECURITY.md](SECURITY.md) notes on GitHub. We aggregate these into [SECURITY.md](SECURITY.md)
too. too.
Facebook has a [bug bounty](https://www.facebook.com/whitehat/)
program that includes osquery. If you find a security vulnerability in
osquery, please submit it via the process outlined on that page and
**do not file a public issue**. For more information on finding
vulnerabilities in osquery, see our blog post [Bug Hunting
osquery](https://www.facebook.com/notes/facebook-bug-bounty/bug-hunting-osquery/954850014529225).
## Learn more ## Learn more
The osquery documentation is available The osquery documentation is available
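Review bot: deleting the whole bug bounty paragraph removes the only private-reporting guidance in this file, including the **do not file a public issue** instruction, and the section now ends with the release-notes aggregation alone. Suggest keeping a one-line pointer to the current reporting process, e.g. "To report a vulnerability privately, follow the process in [SECURITY.md](SECURITY.md) and **do not file a public issue**.", so readers of this page still learn where to go before the SECURITY.md changes in the second file take effect.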


@ -6,7 +6,10 @@ This document aggregates security issues (weaknesses and vulnerabilities) affect
#PRNumber Title - (Optional CVE) - Fixed in Version - Optional Reporter #PRNumber Title - (Optional CVE) - Fixed in Version - Optional Reporter
``` ```
There are several types of issues that do not include a CVE or reporter. If you find a security issue and believe a CVE should be assigned, please contact the project maintainers in the [osquery Slack](https://osquery-slack.herokuapp.com), we are happy to submit the request and provide attribution to you. The project maintainers will tag related issues and pull requests with the [`hardening`](https://github.com/facebook/osquery/issues?q=is%3Aissue+is%3Aopen+label%3Ahardening) label. There may be changes with this label that are not directly security issues. There are several types of issues that do not include a CVE or reporter.
If you find a security issue and believe a CVE should be assigned, please contact a [member of the TSC](https://github.com/osquery/osquery/blob/master/CONTRIBUTING.md#technical-steering-committee) in the [osquery Slack](https://osquery-slack.herokuapp.com), we are happy to submit the request and provide attribution to you.
Specifically, we will use the GitHub Security Advisory features for CVE requests.
The project maintainers will tag related issues and pull requests with the [`hardening`](https://github.com/osquery/osquery/issues?q=is%3Aissue+is%3Aopen+label%3Ahardening) label. There may be changes with this label that are not directly security issues.
If you are editing this document please feel encouraged to change this format to provide more details. This is intended to be a helpful resource so please keep content valuable and concise. If you are editing this document please feel encouraged to change this format to provide more details. This is intended to be a helpful resource so please keep content valuable and concise.
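Review bot: the rewritten CVE sentence keeps the comma splice from the original ("... in the [osquery Slack](https://osquery-slack.herokuapp.com), we are happy to submit ..."); split it into "... in the [osquery Slack](https://osquery-slack.herokuapp.com). We are happy to submit the request and provide attribution to you." The added line "Specifically, we will use the GitHub Security Advisory features for CVE requests." should link to where the resulting advisories are published for this repository, and since Slack is reached through an open invite link, the paragraph should state that details of an unfixed issue go to the TSC privately rather than into a channel. The label link change from facebook/osquery to osquery/osquery matches the TSC link added on the same hunk and looks correct.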