47 changes: 47 additions & 0 deletions SECURITY.md
@@ -0,0 +1,47 @@
# Security policy

SolidOS takes the security of our repositories seriously. This includes all source code repositories managed through our [GitHub organization](https://github.com/solidos). That said, members contribute on a volunteer basis, and the skills we have at hand fluctuate with each member.

If you believe you have found a security vulnerability in any SolidOS repository, please report it to us as described below.

## About this repository

These repositories contribute to the frontend you see on each solidcommunity.net Pod. The repositories have different purposes and offer different features.

- [**solid-logic**](https://github.com/solidos/solid-logic) — core business logic of SolidOS
- [**mashlib**](https://github.com/solidos/mashlib/) — a Solid-compatible code library of application-level functionality for the world of Solid
- [**solid-panes**](https://github.com/solidos/solid-panes) — a set of core Solid-compatible panes based on [solid-ui](https://github.com/solidos/solid-ui)
- [**solid-ui**](https://github.com/solidos/solid-ui) — User Interface widgets and utilities for Solid providing building blocks for Solid-based apps

## Reporting a vulnerability

Please report any security vulnerabilities through the public GitHub issues of the repository where you find the vulnerability. If a vulnerability spans multiple repos, please report it on [the SolidOS repo](https://github.com/SolidOS/solidos/issues/new) itself.

Please include the following in your vulnerability report:

* **Impact**
_What kind of vulnerability is it? Who is impacted?_

* **Patches**
_Has the problem been patched? What versions should users upgrade to?_

* **Workarounds**
_Is there a way for users to fix or remediate the vulnerability without upgrading?_

* **References**
_Are there any links users can visit to find out more?_

* **Proposed solution**
_Any suggested fix in the form of text or a PR is more than welcome_

As a volunteer-based organization, we especially appreciate any PR which helps fix any vulnerability.

## Preferred Languages

We prefer all communications to be in English.

## Hall of Fame

Thank you to the following people for reporting vulnerabilities.

* Otto-AA
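
Review bot: The "Reporting a vulnerability" section directs reporters to "the public GitHub issues of the repository", which publishes the details of an unfixed vulnerability to everyone before maintainers can respond, and the requested "Impact" and "Workarounds" fields make such a report more detailed still. Suggest naming a private channel here instead (for example GitHub's private vulnerability reporting or a draft security advisory, or a contact address) and keeping public issues for problems that are already fixed. Two smaller points: the heading "About this repository" introduces a list of four repositories, so "About these repositories" would fit better; and the "Patches" prompt ("Has the problem been patched? What versions should users upgrade to?") reads as a maintainer's advisory field rather than something a reporter can answer, so it could be dropped or reworded.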