Fix SECURITY.md format and newlines

master
Harshavardhana 5 years ago
parent 7f31d933a8
commit b9b2b37366
  1. 18
      SECURITY.md

@ -8,12 +8,12 @@ Whenever there is a security update you just need to upgrade to the latest versi
## Reporting a Vulnerability ## Reporting a Vulnerability
All security bugs in [minio/minio](https://github,com/minio/minio) (or other minio/* repositories) All security bugs in [minio/minio](https://github,com/minio/minio) (or other minio/* repositories)
should be reported by email to security@min.io. Your email will be acknowledged within 48 hours, should be reported by email to security@min.io. Your email will be acknowledged within 48 hours,
and you'll receive a more detailed response to your email within 72 hours indicating the next steps and you'll receive a more detailed response to your email within 72 hours indicating the next steps
in handling your report. in handling your report.
Please, provide a detailed explanation of the issue. In particular, outline the type of the security Please, provide a detailed explanation of the issue. In particular, outline the type of the security
issue (DoS, authentication bypass, information disclose, ...) and the assumptions you're making (e.g. do issue (DoS, authentication bypass, information disclose, ...) and the assumptions you're making (e.g. do
you need access credentials for a successful exploit). you need access credentials for a successful exploit).
If you have not received a reply to your email within 48 hours or you have not heard from the security team If you have not received a reply to your email within 48 hours or you have not heard from the security team
@ -31,11 +31,11 @@ MinIO uses the following disclosure process:
2. A member of the security team will respond and either confirm or reject the security report. 2. A member of the security team will respond and either confirm or reject the security report.
If the report is rejected the response explains why. If the report is rejected the response explains why.
3. Code is audited to find any potential similar problems. 3. Code is audited to find any potential similar problems.
4. Fixes are prepared for the latest release. 4. Fixes are prepared for the latest release.
5. On the date that the fixes are applied a security advisory will be published on https://blog.min.io. 5. On the date that the fixes are applied a security advisory will be published on https://blog.min.io.
Please inform us in your report email whether MinIO should mention your contribution w.r.t. fixing Please inform us in your report email whether MinIO should mention your contribution w.r.t. fixing
the security issue. By default MinIO will **not** publish this information to protect your privacy. the security issue. By default MinIO will **not** publish this information to protect your privacy.
This process can take some time, especially when coordination is required with maintainers of other projects. This process can take some time, especially when coordination is required with maintainers of other projects.
Every effort will be made to handle the bug in as timely a manner as possible, however it's important that we Every effort will be made to handle the bug in as timely a manner as possible, however it's important that we
follow the process described above to ensure that disclosures are handled consistently. follow the process described above to ensure that disclosures are handled consistently.

Loading…
Cancel
Save