add what to do when there's a vulnerability to docs #687
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TylerLeonhardt
changed the title
rjmholt
reviewed
Jun 15, 2018
CONTRIBUTING.md
Outdated
| @@ -11,6 +11,10 @@ don't match the goals of the project. The core maintainer team has the right of | |||
| any contribution to this project. However, we are very happy to hear community feedback on any decision | |||
| so that we can ensure we are solving the right problems in the right way. | |||
|
|
|||
| > NOTE: If you believe that there is a security vulnerability in the PowerShell extension for VSCode, | |||
There was a problem hiding this comment.
I would make this its own heading rather than putting it in as a quote block:
### Security Reporting
If you believe that there is a security vulnerability in the PowerShell extension for VSCode,
it **must** be reported to [[email protected]](https://technet.microsoft.com/security/ff852094.aspx) to allow for [Coordinated Vulnerability Disclosure](https://technet.microsoft.com/security/dn467923).
**Only** file an issue, if [email protected] has confirmed filing an issue is appropriate.
Please also CC in [[email protected]](mailto:[email protected]).And then in the introductory paragraph, something like:
**NOTE**: If you believe there is a security vulnerability, please see [Security Reporting](#Security Reporting).Or however you get paragraph linking to work...
rjmholt
approved these changes
Jun 15, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.