@ThatGuyLLC ThatGuyLLC commented Oct 22, 2025

The Security Council has approved a new SECURITY.md aligned with the bug-bounty process. Please update your project’s SECURITY.md with the correct links for your project and confirm that private vulnerability reporting is enabled for your repository. All bug bounty details found here:
https://opensourcecommittee.docs.intersectmbo.org/about/paid-open-source-model-posm/bug-bounty-program'

Description

Checklist

  • Commit sequence broadly makes sense and commits have useful messages
  • Any semantic changes to the specifications are documented in CHANGELOG.md
  • Code is formatted according to CONTRIBUTING.md
  • Self-reviewed the diff

carlostome previously approved these changes Oct 22, 2025
Collaborator

@carlostome carlostome left a comment

LGTM

Collaborator

@WhatisRT WhatisRT left a comment

This looks like a template with some things left for us to fill in.

I wonder if it even makes sense to have this template for this repository. We're not producing code that is used in production, our code only runs for testing purposes. What do other repositories that provide testing infrastructure do here?

@carlostome carlostome dismissed their stale review October 22, 2025 12:25

Missing bits

@ThatGuyLLC
Author

Feel free to utilize it as you wish; it just serves that if something was found in the code that could affect running in another project, this is a way to report it and a bounty is possible.

ThatGuyLLC and others added 3 commits November 18, 2025 16:30
The Security Council has approved a new SECURITY.md aligned with the bug-bounty process. Please update your project’s SECURITY.md with the correct links for your project and confirm that private vulnerability reporting is enabled for your repository.
All bug bounty details found here:
https://opensourcecommittee.docs.intersectmbo.org/about/paid-open-source-model-posm/bug-bounty-program'
vulnerability, please mention them in your email but ***DO NOT*** attempt to include them as
attachments as this may cause your Email to be blocked by spam filters.
See the security file in the [Cardano engineering handbook](https://github.com/input-output-hk/cardano-engineering-handbook/blob/main/SECURITY.md).
If you discover a security vulnerability in formal-ledger-specifications, we encourage you to responsibly disclose it to us. To report a vulnerability, please use the [private reporting form on GitHub](https://github.com/IntersectMBO/formal-ledger-specifications/security/advisories/new) to draft a new _Security advisory_.
Collaborator

The link in this line is a 404.

Looks like secure submission of security advisories is not enabled on this repo. @ThatGuyLLC could you please enable it.

6 participants