docs: consolidate security policy to canonical website URL #10559
Open
MarkAtwood wants to merge 1 commit into
Replace inline SECURITY-POLICY.md with a thin pointer in .github/SECURITY.md to the canonical policy at wolfssl.com/.well-known/vulnerability-disclosure-policy.txt. Keeps PGP key, contact info, and report template reference. Removes SECURITY-POLICY.md (now redundant).
Pull request overview
This PR consolidates the repository’s coordinated vulnerability disclosure policy by removing the redundant in-repo policy document and pointing GitHub’s Security tab content to the canonical policy hosted on wolfssl.com.
Changes:
- Delete `SECURITY-POLICY.md` (policy content no longer duplicated in-repo).
- Update `.github/SECURITY.md` to include contact + PGP fingerprint and link to the canonical vulnerability disclosure policy URL.
- Keep the vulnerability report template reference and CVE-submission direction via `SECURITY-REPORT-TEMPLATE.md`.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| `SECURITY-POLICY.md` | Removes the duplicated in-repo security policy document. |
| `.github/SECURITY.md` | Updates GitHub Security tab guidance to point to the canonical website policy and retains reporting details (contact, PGP fingerprint, template link). |
Comment on lines +5 to 6
| Report security vulnerabilities to **support@wolfssl.com** or call **+1-425-245-8247**. | ||
|
|
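Review bot: the contact line at +5 of `.github/SECURITY.md` hard-codes the reporting email address and phone number in a file that is meant to be a thin pointer, so these details can drift from the canonical website policy that the PR calls the single source of truth. Consider adding a sentence next to this line saying that the website policy takes precedence if the contact details ever differ, or reducing the line to the link plus whatever GitHub's Security tab strictly needs.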
Summary
- coordinated vulnerability disclosure policy at https://www.wolfssl.com/.well-known/vulnerability-disclosure-policy.txt in `.github/SECURITY.md` (what GitHub shows on the Security tab)
- `SECURITY-POLICY.md` (now redundant — canonical policy lives on the website)
- support@wolfssl.com, consistent with the canonical policy and the existing report template

The website policy is the single source of truth, maintained for CRA compliance. The report template (`SECURITY-REPORT-TEMPLATE.md`) is unchanged.