
chore: fixup security response suggestions (#3056)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Moritz Johner 2 years ago
commit fd62f96e9f
1 changed file with 5 additions and 8 deletions

SECURITY_RESPONSE.md (+5, -8)

@@ -8,8 +8,8 @@ as well as patch/release.
 
 
 ### Identify the problem
 ### Identify the problem
 
 
-Triaging problems allows maintainers to focus resources on the most critically
-impacting problems. Potential security problems should be evaluated against the
+Triaging issues allows maintainers to focus resources on the most critically
+impacting problems. Potential security risks should be evaluated against the
 following information:
 following information:
 
 
 * Which component(s) of the project is impacted?
 * Which component(s) of the project is impacted?
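Review bot: the terminology change in this hunk is only half applied, which leaves the paragraph reading inconsistently. The first line moves from "Triaging problems" to "Triaging issues", but the very next line still says "impacting problems" and the section heading remains "### Identify the problem". If the intent is to standardise on "issue" for reports and "risk" for the thing being evaluated, the heading and the second line should follow the same convention in this commit, otherwise a reader sees three terms ("issue", "problem", "risk") for what is apparently one concept within four lines.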
@@ -30,15 +30,12 @@ following information:
 Any potential problem that has an exploit, permits privilege escalation, is
 Any potential problem that has an exploit, permits privilege escalation, is
 simple, and does not require user interaction should be evaluated immediately.
 simple, and does not require user interaction should be evaluated immediately.
 [CVSS Version 3.1](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator) can be
 [CVSS Version 3.1](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator) can be
-a helpful tool in evaluating the criticality of reported problems.
+a helpful tool in evaluating the criticality of reported issues.
 
 
 ### Acknowledge receipt of the problem
 ### Acknowledge receipt of the problem
 
 
-Respond to the reporter and notify them you have received the problem and have
-begun reviewing it. Remind them of the [embargo policy](https://github.com/cncf/tag-security/blob/231b87f371274b2d68def2c6a35a719210836191/project-resources/templates/embargo-policy.md), and provide them
-information on who to contact/follow-up with if they have questions. Estimate a
-time frame that they can expect to receive an update on the problem. Create a
-calendar reminder to contact them again by that date to provide an update.
+Respond to the reporter and notify them that you have received and begun reviewing the problem. Remind them of the [embargo policy](https://github.com/cncf/tag-security/blob/231b87f371274b2d68def2c6a35a719210836191/project-resources/templates/embargo-policy.md), and provide them
+information on who to contact/follow-up with if they have questions. Estimate when they can expect to receive an update. Create a calendar reminder to contact them again by that date to provide an update.
 
 
 ### Replicate the problem
 ### Replicate the problem
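Review bot: the rewritten acknowledgement paragraph breaks the file's wrapping convention and, like the first hunk, leaves the surrounding headings on the old wording. The removed lines were wrapped at roughly 80 columns like the rest of the file; the two added lines run well past that, so the next person editing this paragraph will produce a noisy diff when they reflow it. Suggest wrapping the new text to match, e.g. "Respond to the reporter and notify them that you have received and begun" / "reviewing the problem. Remind them of the [embargo policy](...), and provide". Separately, the hunk changes "criticality of reported problems" to "reported issues" but keeps "### Acknowledge receipt of the problem" and "### Replicate the problem" as headings; either leave "problem" throughout or rename the headings in the same commit. Minor: "who to contact/follow-up with" reads more naturally as "who to contact or follow up with" (no hyphen when used as a verb).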