Tweak SECURITY and add a Security policy section to docs

2024-11-21 23:33:12 +01:00 · 2022-03-07 20:55:51 +01:00 · 2022-03-07 20:55:51 +01:00 · 0a873172c9
commit 0a873172c9
parent 614866eeb2
2 changed files with 17 additions and 9 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,10 +1,14 @@
-# Security Policy
+# Security policy

-## Reporting a Vulnerability
+## Reporting a vulnerability

-To report a vulnerability, please send an email to `security@httpie.io` describing the:
+When you identify a vulnerability in HTTPie, please report it privately using one of the following channels:

- The description of the vulnerability itself
- A short reproducer to verify it (you can submit a small HTTP server, a shell script, a docker image etc.)
- The severity level classification (`LOW`/`MEDIUM`/`HIGH`/`CRITICAL`)
- If associated with any, the [CWE](https://cwe.mitre.org/) ID.
+- Email to [`security@httpie.io`](mailto:security@httpie.io)
+- Report on [huntr.dev](https://huntr.dev/)
+
+In addition to the description of the vulnerability, please include also:
+
+- A short reproducer to verify it (it can be a small HTTP server, shell script, docker image, etc.)
+- Your deemed severity level of the vulnerability (`LOW`/`MEDIUM`/`HIGH`/`CRITICAL`)
+- [CWE](https://cwe.mitre.org/) ID, if available.
--- a/docs/README.md
+++ b/docs/README.md
@ -2532,6 +2532,10 @@ Helpers to convert from other client tools:

 See [CONTRIBUTING](https://github.com/httpie/httpie/blob/master/CONTRIBUTING.md).

+### Security policy
+
+See [github.com/httpie/httpie/security/policy](https://github.com/httpie/httpie/security/policy).
+
 ### Change log

 See [CHANGELOG](https://github.com/httpie/httpie/blob/master/CHANGELOG.md).