From bec9b95df340a82c3dd82878292f2b8264162154 Mon Sep 17 00:00:00 2001 From: Alex Sirota Date: Tue, 4 Feb 2025 08:00:57 -0500 Subject: [PATCH] Update SECURITY advisory Rewrite to remove email address and provide new advisory. Could be a model for a project wide advisory. Signed-off-by: Alex Sirota --- SECURITY.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 01c7dd3..f99100a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,5 @@ # Security -If you observe a security vulnerability in one of our packages or libraries, please responsibly report it to support@aspirepress.org. We will respond to notify you that we received your query, and we will credit you in the fix we provide. We ask for 30 days to fix any vulnerability before you disclose it. \ No newline at end of file +If you observe a security vulnerability in any of our projects, please responsibly report it by opening a new security advisory within the project repository. The project lead or manager will respond to discuss the issue with you, and AspirePress will credit you in the fix shoild one be published. + +We ask for 30 calendar days to fix any serious vulnerability before disclosure to AspirePress. AspirePress asks for any vulnerabilties not to be shared publicly.
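Review bot: In the last added paragraph of SECURITY.md, "before disclosure to AspirePress" reads as if the 30 days run before the reporter contacts AspirePress, which inverts the intent of the removed line ("30 days to fix any vulnerability before you disclose it"); suggest "before you disclose it publicly". The sentence after it, "AspirePress asks for any vulnerabilties not to be shared publicly", sets no time limit and so contradicts the 30-day window; either drop it or tie it to the same period. The new qualifier "serious" is undefined, which leaves it unclear which reports the embargo covers. Two typos in the added lines need fixing: "shoild" should be "should" and "vulnerabilties" should be "vulnerabilities". With the email address removed, the text should also say what a reporter does when a repository offers no private way to open an advisory, so that reports do not end up in public issues.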