From 907f7e430106ecd9dea04acbd0dbdcf433ecb152 Mon Sep 17 00:00:00 2001 From: 0xKitsune <0xkitsune@protonmail.com> Date: Tue, 5 Nov 2024 20:19:25 -0500 Subject: [PATCH 1/3] add security.md --- SECURITY.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..83b868f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,18 @@ +# Security + +## Report a security issue + +The World project team welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via [TODO:](). Security issues should not be reported via the public Github Issue tracker. + +## Vulnerability coordination + +Remediation of security vulnerabilities is prioritized by the project team. The project team coordinates remediation with third-party project stakeholders via [Github Security Advisories](https://help.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories). Third-party stakeholders may include the reporter of the issue, affected direct or indirect users of Tokio, and maintainers of upstream dependencies if applicable. + +Downstream project maintainers and Tokio users can request participation in coordination of applicable security issues by sending your contact email address, Github username(s) and any other salient information to [TODO:](). Participation in security issue coordination processes is at the discretion of the World team. + +## Security advisories + +The project team is committed to transparency in the security issue disclosure process. The World team announces security issues via [project Github Release notes](https://github.com/worldcoin/world-chain/releases) and the [RustSec advisory database](https://github.com/RustSec/advisory-db) (i.e. `cargo-audit`). + + + \ No newline at end of file From e12b69d85ca0340057077051e6587bea459bc7ab Mon Sep 17 00:00:00 2001 
From: 0xKitsune <0xkitsune@protonmail.com> Date: Wed, 6 Nov 2024 10:28:04 -0500 Subject: [PATCH 2/3] update project name --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 83b868f..da9bd2a 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -6,9 +6,9 @@ The World project team welcomes security reports and is committed to providing p ## Vulnerability coordination -Remediation of security vulnerabilities is prioritized by the project team. The project team coordinates remediation with third-party project stakeholders via [Github Security Advisories](https://help.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories). Third-party stakeholders may include the reporter of the issue, affected direct or indirect users of Tokio, and maintainers of upstream dependencies if applicable. +Remediation of security vulnerabilities is prioritized by the project team. The project team coordinates remediation with third-party project stakeholders via [Github Security Advisories](https://help.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories). Third-party stakeholders may include the reporter of the issue, affected direct or indirect users of World, and maintainers of upstream dependencies if applicable. -Downstream project maintainers and Tokio users can request participation in coordination of applicable security issues by sending your contact email address, Github username(s) and any other salient information to [TODO:](). Participation in security issue coordination processes is at the discretion of the World team. +Downstream project maintainers and World users can request participation in coordination of applicable security issues by sending your contact email address, Github username(s) and any other salient information to [TODO:](). Participation in security issue coordination processes is at the discretion of the World team. ## Security advisories From 6729b45b0ed59791e8d3cf358401cf2cf27e8228 Mon Sep 17 00:00:00 2001 From: 0xKitsune <0xkitsune@protonmail.com> Date: Wed, 6 Nov 2024 13:38:42 -0500 Subject: [PATCH 3/3] update security contact --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/SECURITY.md b/SECURITY.md index da9bd2a..69de337 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,13 +2,13 @@ ## Report a security issue -The World project team welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via [TODO:](). Security issues should not be reported via the public Github Issue tracker. +The World project team welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via [security@toolsforhumanity.com](mailto:security@toolsforhumanity.com). Security issues should not be reported via the public Github Issue tracker. ## Vulnerability coordination Remediation of security vulnerabilities is prioritized by the project team. The project team coordinates remediation with third-party project stakeholders via [Github Security Advisories](https://help.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories). Third-party stakeholders may include the reporter of the issue, affected direct or indirect users of World, and maintainers of upstream dependencies if applicable. -Downstream project maintainers and World users can request participation in coordination of applicable security issues by sending your contact email address, Github username(s) and any other salient information to [TODO:](). Participation in security issue coordination processes is at the discretion of the World team. +Downstream project maintainers and World users can request participation in coordination of applicable security issues by sending your contact email address, Github username(s) and any other salient information to [security@toolsforhumanity.com](mailto:security@toolsforhumanity.com). Participation in security issue coordination processes is at the discretion of the World team. ## Security advisories
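Review bot: in PATCH 1/3, both private-contact links are the empty placeholder `[TODO:]()`, once under "Report a security issue" and once in the coordination paragraph. At that commit the file tells reporters not to use the public Github Issue tracker but gives them no private channel. The same hunk names Tokio ("users of Tokio", "Tokio users") in a policy for the World project. Both problems are only fixed by 2/3 and 3/3, so squashing the series into one commit would avoid an intermediate revision with no usable contact. Two smaller points in the same hunk: the file ends with blank lines and no final newline, and "(i.e. `cargo-audit`)" equates the tool with the RustSec advisory database; something like "(checked by `cargo-audit`)" would be more accurate.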
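Review bot: in PATCH 2/3, the second replaced line still switches person mid-sentence: "Downstream project maintainers and World users can request participation ... by sending your contact email address". Since the sentence is written in the third person, "their contact email address" would read correctly. That line also keeps the `[TODO:]()` target, so after this commit the coordination request still has no destination.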
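Review bot: in PATCH 3/3, both changed lines point to a single plain mailbox, security@toolsforhumanity.com. The policy offers no way to encrypt a report and no acknowledgement timeframe to back the "prompt attention" wording. Consider listing a PGP key or fingerprint, or another private channel, next to the address and stating when a reporter can expect a first reply. Vulnerability reports and coordination-participation requests now share that address, so a subject-line convention for each would make triage easier.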