📝 SECURITY: Add disclosure policy (#372)

Co-authored-by: Molkobain <lajarige.guillaume@free.fr>
Pierre Goiffon
2022-12-13 18:15:25 +01:00
committed by GitHub
parent 93209265f2
commit fde6cac7a2

@@ -18,8 +18,7 @@ to [itop-security@combodo.com](mailto:itop-security@combodo.com).
## 📆 Disclosure Policy
## 🔍 Combodo acknowledgment and investigation
Report sent to us will be acknowledged within the week.
Then, a Combodo developer will be assigned to the reported issue and will:
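Review bot: The acknowledgment commitment under the "Combodo acknowledgment and investigation" heading, "Report sent to us will be acknowledged within the week", does not say whether it means the current calendar week or a week counted from receipt. Since this hunk already reworks the section headings, consider stating the delay as a number of days from receipt, and use the plural "Reports sent to us".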
@@ -34,3 +33,12 @@ Then, a Combodo developer will be assigned to the reported issue and will:
Security issues always take precedence over bug fixes and feature work.
The assignee will keep you informed of the resolution progress, and may ask you for additional information or guidance.
## 📆 Disclosure Policy
Once the fix is done and acknowledged by every stakeholder, it will be included in the next iTop version.
Mind we have at least 2 active branches (LTS and STS, see [iTop Community Releases [iTop Documentation]](https://www.itophub.io/wiki/page?id=latest:release:start))
The release communications will include the information of the vulnerability fix.
Corresponding GitHub advisories and CVE will be published 3 months after the iTop version release date so that iTop instances can be updated.
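Review bot: The 3-month delay in the last line is counted from "the iTop version release date", but the same section says there are at least 2 active branches (LTS and STS), so a fix can ship in more than one release and the text does not say which release starts the clock. Suggest stating this explicitly, for example counting from the last of the fixed releases, and saying whether the fix is delivered on every active branch. The "Mind we have at least 2 active branches ..." line also gives no consequence for the reader and is missing its final period.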