📝 SECURITY: Add disclosure policy (#372)

Co-authored-by: Molkobain <lajarige.guillaume@free.fr>
Pierre Goiffon
2022-12-13 18:15:25 +01:00
committed by GitHub
parent 93209265f2
commit fde6cac7a2

@@ -18,8 +18,7 @@ to [itop-security@combodo.com](mailto:itop-security@combodo.com).
## 📆 Disclosure Policy ## 🔍 Combodo acknowledgment and investigation
Report sent to us will be acknowledged within the week. Report sent to us will be acknowledged within the week.
Then, a Combodo developer will be assigned to the reported issue and will: Then, a Combodo developer will be assigned to the reported issue and will:
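Review bot: the first heading is renamed from "## 📆 Disclosure Policy" to "## 🔍 Combodo acknowledgment and investigation", and the same commit re-adds a "## 📆 Disclosure Policy" heading further down, so the existing heading anchor keeps resolving but now lands on different content. Any link that pointed at the old section for the acknowledgment timeline should be updated to the new heading. While this section is being touched, the context line "Report sent to us will be acknowledged within the week." would read better as "Reports sent to us will be acknowledged within the week."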
@@ -34,3 +33,12 @@ Then, a Combodo developer will be assigned to the reported issue and will:
Security issues always take precedence over bug fixes and feature work. Security issues always take precedence over bug fixes and feature work.
The assignee will keep you informed of the resolution progress, and may ask you for additional information or guidance. The assignee will keep you informed of the resolution progress, and may ask you for additional information or guidance.
## 📆 Disclosure Policy
Once the fix is done and acknowledged by every stakeholder, it will be included in the next iTop version.
Mind we have at least 2 active branches (LTS and STS, see [iTop Community Releases [iTop Documentation]](https://www.itophub.io/wiki/page?id=latest:release:start))
The release communications will include the information of the vulnerability fix.
Corresponding GitHub advisories and CVE will be published 3 months after the iTop version release date so that iTop instances can be updated.
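Review bot: the 3-month delay in the last added line is counted from "the iTop version release date", but the added line above it says there are at least 2 active branches (LTS and STS), so it is unclear which release starts the clock when the fix ships in those branches on different dates. Suggest stating it explicitly, for example that the delay runs from the last release that carries the fix. The same ambiguity applies to "it will be included in the next iTop version" in the first added sentence: say whether that means the next release of every active branch. Minor: the "Mind we have at least 2 active branches ..." line is missing its final period.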