Skip to content

Fix #196, Add Testing Tools to the Security Policy#197

Merged
astrogeco merged 1 commit intonasa:integration-candidatefrom
ArielSAdamsNASA:SecurityPolicy
Mar 4, 2021
Merged

Fix #196, Add Testing Tools to the Security Policy#197
astrogeco merged 1 commit intonasa:integration-candidatefrom
ArielSAdamsNASA:SecurityPolicy

Conversation

@ArielSAdamsNASA
Copy link
Contributor

@ArielSAdamsNASA ArielSAdamsNASA commented Feb 23, 2021
edited
Loading

Describe the contribution
Fix #196
Updated the Security Policy to include the type of testing done for cFS under a new section titled "Testing". Provided a disclaimer that under the Apache license, liability is not provided.

Expected behavior changes
Users should now be aware of the type of testing cFS undergoes.

Additional context
References:
https://github.com/thanos-io/thanos/security/policy
https://github.com/phpMussel/phpMussel/security/policy
https://github.com/timberio/vector/security/policy

Contributor Info - All information REQUIRED for consideration of pull request
Ariel Adams, ASRC Federal

@ArielSAdamsNASA ArielSAdamsNASA added the CCB:Ready Pull request is ready for discussion at the Configuration Control Board (CCB) label Feb 24, 2021
@astrogeco
Copy link
Contributor

astrogeco commented Feb 24, 2021

Rename title to reflect the change. "Update" is too vague.

@astrogeco
Copy link
Contributor

astrogeco commented Feb 24, 2021
edited
Loading

Probably update the Issue title first

@ArielSAdamsNASA ArielSAdamsNASA changed the title Fix #196, Update the Security Policy Fix #196, Add Testing Tools to the Security Policy Feb 24, 2021
@astrogeco astrogeco removed the CCB:Ready Pull request is ready for discussion at the Configuration Control Board (CCB) label Feb 24, 2021
@ArielSAdamsNASA
Copy link
Contributor Author

ArielSAdamsNASA commented Feb 24, 2021
edited
Loading

  1. Removed:

For vulnerabilities dealing with authentication, authorization, data integrity, or encryption please email us at [email protected]. Please include a description of the vulnerability, steps to reproduce the vulnerability, expected behavior, code snippets, system observed on, any additional context, and your name and organization.

  1. Added links to the cFS workflows, results, and where to find more information for each tool.
  2. Removed numbering and added headers instead
  3. Moved disclaimer from the bottom of the Testing section to the top of the Testing section
  4. Added commas where needed
  5. Updated issue and PR title to be more detailed

@ArielSAdamsNASA
Copy link
Contributor Author

ArielSAdamsNASA commented Mar 4, 2021
edited
Loading

  1. Added a new section titled "Security Reports". Instructed users to email us at [email protected] to submit security reports and findings.
  2. Update Additional Support section. Allow users to submit GitHub questions or email us for support.

The security policy is completed once reviewed and approved.

astrogeco
astrogeco suggested changes Mar 4, 2021
View reviewed changes
@astrogeco astrogeco changed the base branch from main to integration-candidate March 4, 2021 21:55
@astrogeco astrogeco merged commit 0e470f6 into nasa:integration-candidate Mar 4, 2021
@astrogeco astrogeco mentioned this pull request Mar 4, 2021
Merged
chillfig pushed a commit to chillfig/cFS that referenced this pull request Mar 17, 2022
Fix nasa#197, Resolve uninitialized variables in UT
c4773cb
chillfig pushed a commit to chillfig/cFS that referenced this pull request Mar 17, 2022
@astrogeco
Merge pull request nasa#198 from skliper/fix197-uninit_var
dbb94ab 
Fix nasa#197, Resolve uninitialized variables in UT
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@astrogeco astrogeco astrogeco requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

CCB:FastTrack docs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add Testing Tools to the Security Policy

3 participants

@ArielSAdamsNASA @astrogeco @arielswalker