Skip to content

add what to do when there's a vulnerability to docs #687

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 18, 2018
Merged

add what to do when there's a vulnerability to docs #687

merged 3 commits into from
Jun 18, 2018

Conversation

@TylerLeonhardt
Copy link
Member

@TylerLeonhardt TylerLeonhardt commented Jun 15, 2018

No description provided.

@TylerLeonhardt TylerLeonhardt requested a review from rjmholt as a code owner June 15, 2018 18:00
@TylerLeonhardt TylerLeonhardt changed the title add what to do when there's a vulnerability add what to do when there's a vulnerability to docs Jun 15, 2018
rjmholt
rjmholt reviewed Jun 15, 2018
View reviewed changes
CONTRIBUTING.md Outdated
any contribution to this project. However, we are very happy to hear community feedback on any decision
so that we can ensure we are solving the right problems in the right way.

> NOTE: If you believe that there is a security vulnerability in the PowerShell extension for VSCode,
Copy link
Contributor

@rjmholt rjmholt Jun 15, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would make this its own heading rather than putting it in as a quote block:

### Security Reporting
If you believe that there is a security vulnerability in the PowerShell extension for VSCode,
it **must** be reported to [secure@microsoft.com](https://technet.microsoft.com/security/ff852094.aspx) to allow for [Coordinated Vulnerability Disclosure](https://technet.microsoft.com/security/dn467923).
**Only** file an issue, if secure@microsoft.com has confirmed filing an issue is appropriate.
Please also CC in [vscode-powershell@microsoft.com](mailto:vscode-powershell@microsoft.com).

And then in the introductory paragraph, something like:

**NOTE**: If you believe there is a security vulnerability, please see [Security Reporting](#Security Reporting).

Or however you get paragraph linking to work...

@TylerLeonhardt TylerLeonhardt merged commit b57b44f into master Jun 18, 2018
@TylerLeonhardt TylerLeonhardt deleted the tylerl0706-patch-1 branch June 18, 2018 23:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@rjmholt rjmholt rjmholt approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TylerLeonhardt @rjmholt