https://github.com/IntersectMBO/Open-Source-Office/security/advisories/new Please update to reflect this link within the revised Security policy. |
@ThatGuyLLC Please give some thoughts on this. |
@Emmanuel-Tyty @HarunJr can one of y'all audit this? |
HarunJr left a comment
Thanks for putting this together! The updates look good.
I just caught one minor typo that exists in both of the templates. Other than that it looks good to me.
5. **Fixing Issue**: The team agrees on the fix, the announcement, and the release schedule with the reporter. If the reporter is not responsive in a reasonable time frame this should not block the team from moving to the next steps particularly in the face of a high impact or high severity issue.
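Review bot: "in a reasonable time frame" leaves the non-response window undefined, so the team has no objective trigger for proceeding without the reporter; consider stating a concrete window in the policy (a fixed number of days after the last contact attempt) and the channel used for that attempt. A comma before "particularly" would also help readability.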
a. **Mitigation**: Depending on the severity and criticity of the issue, the team can decide to disclose the issue publicly in the absence of a fix _if and only if_ a clear, simple, and effective mitigation plan is defined. This _must_ include instructions for users and operators of the software, and a time horizon at which the issue will be properly fixed (eg. version number).
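Review bot: "criticity" should read "criticality", and "eg." in the parenthetical about the time horizon should be "e.g.". Since "the team can decide" names no approver, consider stating who signs off on public disclosure without a fix, as that decision carries the most risk for users and operators.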
On line 53. Change "Depending on the severity and [criticity] of the issue..." to "Depending on the severity and [criticality] of the issue..."
If you discover a security vulnerability in xxxx, we encourage you to
responsibly disclose it to us. To report a vulnerability, please use
the [private reporting form on
GitHub](https://github.com/input-output-hk/mithril/security/advisories/new)
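Review bot: the reporting link is hard-coded to the Mithril repository (`https://github.com/input-output-hk/mithril/security/advisories/new`) while the project name on the same lines is still the `xxxx` placeholder; in a template this should be a placeholder as well (or the advisory link requested at the top of this thread), otherwise a project that fills in the template but misses this line ships with another project's intake form.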
- A description of the vulnerability and its potential impact.
- Steps to reproduce the vulnerability.
- The version of `xxxx` package where the vulnerability exists.
## Introduction
The Cardano open source project (xxx) is committed to ensuring the security of
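Review bot: the placeholder here is `xxx` (three x's) while the rest of the template uses `xxxx`; a search-and-replace on `xxxx` when a project adopts the template would miss this one. Use the same placeholder throughout.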
## Contact Information
To report a security vulnerability, please use [GitHub
form]((add project github form for your project)). Should you experience any issues reporting via GitHub or have other questions, Please contact [Security](security@intersectmbo.org).
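Review bot: `[GitHub form]((add project github form for your project))` has doubled parentheses, so Markdown will render a literal `(` and `)` around the placeholder instead of a clean link target; use a single pair, e.g. `[GitHub form](add project github form for your project)`. `[Security](security@intersectmbo.org)` also needs a `mailto:` scheme (`mailto:security@intersectmbo.org`) to work as a link, and "Please" mid-sentence should be lowercase.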
5. **Fixing Issue**: The team agrees on the fix, the announcement, and the release schedule with the reporter. If the reporter is not responsive in a reasonable time frame this should not block the team from moving to the next steps particularly in the face of a high impact or high severity issue.
a. **Mitigation**: Depending on the severity and criticity of the issue, the team can decide to disclose the issue publicly in the absence of a fix _if and only if_ a clear, simple, and effective mitigation plan is defined. This _must_ include instructions for users and operators of the software, and a time horizon at which the issue will be properly fixed (eg. version number).
This Security Vulnerability Disclosure Policy may be updated or
revised as necessary. Please check the latest version of this policy
on the [xxxx repository]((add link for your project)).
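Review bot: same doubled-parentheses link problem as the contact section: `[xxxx repository]((add link for your project))` should use one pair of parentheses, `[xxxx repository](add link for your project)`, or the rendered policy will show stray brackets around the placeholder.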
## Conclusion
The xxxx project greatly appreciates the assistance of the security