diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..2aaac86a58 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,10 @@ +# Govdirectory Security Policy + +## Scope + +This policy is intended for all resources available on `*.govdirectory.org*` and any repository in the Govdirectory GitHub organization. + +## Reporting a Vulnerability + +You can privately report a vulnerability to the Govdirectory team by [creating a security advisory on GitHub](https://github.com/govdirectory/website/security/advisories/new). This report will be kept private while it is being assessed by the team. + diff --git a/static/.well-known/security.txt b/static/.well-known/security.txt new file mode 100644 index 0000000000..b5efce4628 --- /dev/null +++ b/static/.well-known/security.txt @@ -0,0 +1,5 @@ +Contact: https://github.com/govdirectory/website/security +Preferred-Languages: en +Canonical: https://govdirectory.org/.well-known/security.txt +Policy: https://github.com/govdirectory/website/blob/main/SECURITY.md + diff --git a/templates/standard-for-public-code.html b/templates/standard-for-public-code.html index 95a32cbc5d..6b3a073560 100644 --- a/templates/standard-for-public-code.html +++ b/templates/standard-for-public-code.html @@ -366,7 +366,7 @@
Meets | Requirement | Notes and links |
---|---|---|
- +Ok | The documentation MUST include instructions for how to report potentially security sensitive issues. | - +SECURITY.md |
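Review bot: in the SECURITY.md hunk, the scope pattern `*.govdirectory.org*` in the Scope section carries a stray trailing `*`, which would also match unrelated hosts such as `govdirectory.org.example`; write it as `*.govdirectory.org`, and name the apex `govdirectory.org` explicitly, since a leading-wildcard pattern does not cover it. The Reporting a Vulnerability section also sets no expectation for acknowledgement or disclosure timing, and the advisory link is scoped to the `website` repository while the policy claims to cover every repository in the Govdirectory organization; consider stating how reports against other repositories should be filed and roughly when a reporter can expect a response.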
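Review bot: in the security.txt hunk, the file lacks the `Expires` field, which RFC 9116 makes mandatory; validators will reject the file without it, and the RFC recommends a value less than a year in the future (an illustrative line would be `Expires: 2025-12-31T23:59:59.000Z`), so add it and a process to renew it before it lapses. Separately, `Contact:` points at `https://github.com/govdirectory/website/security`, the advisories listing page, whereas SECURITY.md sends reporters to `.../security/advisories/new`; pointing both at the same reporting URL avoids a reporter landing on a page that only lists published advisories.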
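Review bot: in the templates/standard-for-public-code.html hunk, the Notes and links cell reads `SECURITY.md` as plain text although the column is meant to carry links; link it to the file in the repository (the same URL security.txt's `Policy:` field uses, `https://github.com/govdirectory/website/blob/main/SECURITY.md`) so readers of the rendered page can reach the reporting instructions directly, and consider mentioning the new `/.well-known/security.txt` there as well, since it is the second half of what makes the requirement met.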