BAH-4802 | Add SECURITY.md (vulnerability disclosure policy)#70
Open
vishalkarmalkarthoughtworks wants to merge 1 commit into
Open
BAH-4802 | Add SECURITY.md (vulnerability disclosure policy)#70vishalkarmalkarthoughtworks wants to merge 1 commit into
vishalkarmalkarthoughtworks wants to merge 1 commit into
Conversation
Adds SECURITY.md at the repo root pointing reporters to the private Bahmni disclosure process (security@bahmni.org) and the full process on the wiki. Satisfies the ch_security_policy OSS-audit check.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
SECURITY.mdat the repo root. Points security researchers to Bahmni's private vulnerability disclosure process — report to security@bahmni.org rather than via public issues/PRs — and links to the full process on the Bahmni wiki.Part of the rollout tracked in BAH-4802. Template validated on bahmni-core#331. Thin by design: the wiki remains the canonical Bahmni security documentation; this file is an on-GitHub signpost to it.
Why
GitHub renders
SECURITY.mdas the repo's "Security policy" (Security tab) and surfaces it when someone opens an issue, giving researchers clear guidance to disclose privately. Satisfies thech_security_policycheck in the Bahmni OSS best-practices audit.Test plan
SECURITY.mdvisible at repo root