Skip to content

Commit

Permalink
Update SECURITY.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@juhoinkinen
juhoinkinen authored Jan 23, 2024
1 parent f4046c2 commit 058fd63
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion SECURITY.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ do not apply to Annif use.

We value your findings, and we would be grateful if you report
any concerns or vulnerabilities by email to **`[email protected]`**.
_Do not create a GitHub issue for security vulnerabilities_.
Note that Annif team is a part of the larger Finto team,
which has resources for the contact service throughout the year.

Expand All @@ -47,8 +48,9 @@ We confirm the problem and keep you informed of the fix.
To facilitate a quick and accurate response make sure to include the following details when submitting your report:

- A clear and descriptive title that outlines the report's subject and the software it pertains to (Annif).
- The versions of Annif, its dependencies and the (possible) other related software that give rise to the vulnerability.
- The version(s) of Annif, its dependencies and the (possible) other related software that contribute to the vulnerability.
- Break down the technical aspects of the vulnerability in your description.
- A minimal example showcasing the vulnerability.
- An explanation who has the potential to exploit this vulnerability and the benefits they would derive from doing so.
- Whether the vulnerability is public knowledge or known to third parties, and if so, share relevant details.
- (A remediation suggestion if you have have one.)

0 comments on commit 058fd63

Please sign in to comment.