From 46007608b90611471aac45b101e4bb9998748139 Mon Sep 17 00:00:00 2001 From: Leslie Hawthorn Date: Thu, 2 May 2024 10:23:17 +0200 Subject: [PATCH] Update SECURITY.md Signed-off-by: Leslie Hawthorn --- SECURITY.md | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 7a78a43..b37d8f1 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,19 +1 @@ -# Security and Disclosure Information Policy for the InstructLab Project - -The InstructLab team and community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. - -## Reporting a Vulnerability - -If you think you've identified a security issue in an InstructLab project repository, please DO NOT report the issue publicly via the GitHub issue tracker, Slack Workspace, etc. - -Instead, send an email with as many details as possible to [instructlab-sec@osci.io](mailto:instructlab-sec@osci.io). This is a private mailing list for the core maintainers. - -Please do not create a public issue. - -## Security Vulnerability Response - -Each report is acknowledged and analyzed by the core maintainers within 3 working days. - -Any vulnerability information shared with core maintainers stays within the InstructLab project and will not be disseminated to other projects unless it is necessary to get the issue fixed. - -After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. +You can find information on how to report a potential security vulnerability, as well as where to subscribe to receive security alerts, on the project's [Security Page](https://github.com/instructlab/.github/blob/main/SECURITY.md).