Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Address #191

Open
SCH227 opened this issue Oct 18, 2023 · 4 comments
Open

Security Address #191

SCH227 opened this issue Oct 18, 2023 · 4 comments

Comments

@SCH227
Copy link

SCH227 commented Oct 18, 2023

Hello!

I may have found a security issue in latest version of pycolmap. Following responsible disclosure, is there an email or other private channel where I could share the details?
Thank you
@sarlinpe
Copy link
Collaborator

You can find my email on my website or in the git logs of this repo.

@SCH227
Copy link
Author

SCH227 commented Oct 18, 2023

Your email on your personal website is the Security Channel of pycolmap project?
I recommend adding a SECURITY.md file in your repo so reporters have clear instructions on how to handle disclosures.

@sarlinpe
Copy link
Collaborator

We've never faced this before so, no, we don't have a proper process - but we'll consider adding so, thank you. In the meantime our inbox is open:

pycolmap/pyproject.toml

Lines 12 to 14 in 03f610f

{ name = "Mihai Dusmanu", email = "mihai.dusmanu@microsoft.com" },
{ name = "Paul-Edouard Sarlin", email = "psarlin@ethz.ch" },
{ name = "Philipp Lindenberger", email = "plindenbe@ethz.ch" },

(update to email addresses in a pending PR)

@SCH227
Copy link
Author

SCH227 commented Oct 19, 2023

Emailed.
Thank you for your awesome project!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sarlinpe @SCH227