1.1.1 SECURITY.md draft toward a sandbox description

orcmid · Sep 28, 2024 · ea269c7 · ea269c7
1 parent ca4f75a
commit ea269c7
Showing 1 changed file with 17 additions and 8 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,8 +1,8 @@
-# Security Policy
+# GitHub Repository orcmid.github.io Security Policy
 <!-- ---1----|----2----|----3----|----4----|----5----|----6----|----7----|--*
-     SECURITY.md 1.1.0             UTF-8                        dh:2024-09-27
+     SECURITY.md 1.1.1             UTF-8                        dh:2024-09-28
      -->
-**2024-09-27 Status**: There are no code releases at the
+**2024-09-28 Status**: There are no code releases at the
 [orcmid.github.io](https://github.com/orcmid/orcmid.github.io)
 repository/project.  Content consists of HTML, Markdown, and text files
 published as GitHub Pages to [Orcmid on GitHub](https://orcmid.github.io).
@@ -11,18 +11,21 @@ GitHub automatically anchors the documentation (`docs/`) GitHub Pages for
 other Orcmid on Github projects in subordinate directories, such as for
 [nfoTools](https://orcmid.github.io/nfoTools) and
 [The Miser Project on GitHub](https://orcmid.github.io/miser).
+site is at (https://orcmid.github.io)
 
-The individual projects of [Orcmid on GitHub](https://github.com/orcmid/)
+Individual projects of [Orcmid on GitHub](https://github.com/orcmid/)
 have separate and specific Security Policy statements, vulnerability reports,
 and instructions for reporting vulerabilities.  Consult **those** repository
-Security tabs and/or `SECURITY.md` files.
+Security tabs and/or `SECURITY.md` files for specific policies, vulnerability
+reports, and ways to report a vulnerability for a given repository/release.
 
 ## Supported Versions
 
-At [orcmid.github.io](https://github.com/orcmid/orcmid.github.io) There are no
+At the top-level
+[orcmid.github.io](https://github.com/orcmid/orcmid.github.io) there are no
 code releases whatsoever.  There are only materials used to generate static
-GitHub Pages.  **Subordinate projects** have project-specific security
-policies and the pertinent one should be consulted.
+GitHub Pages.  **Subordinate individual projects** have project-specific
+security policies and the pertinent one should be consulted.
 
 | Version | Supported          |
 | ------- | ------------------ |
@@ -35,8 +38,14 @@ GitHub repository for software having the suspected/detected security
 defect. That is where analysis, resolution, and publication of any
 vulnerability announcement must occur.**
 
+*Already-issued vulnerability announcements are found via the Security
+tab of specific [Orcmid on GitHub](https://github.com/orcmid/) project
+repositories.*
+
 ********************  CONTINUE BELOW HERE *******************************
 
+
+
 To privately report an exploitable vulnerability or exposed threat-surface,
 please use the GitHub vulnerability reporting provision of a specific
 project's Security tab, such as