Skip to content

Commit 88b53d3

Browse files
NIH Data Call: inject public repository security policy into SECURITY.md
1 parent 3be98b0 commit 88b53d3

1 file changed

Lines changed: 19 additions & 0 deletions

File tree

SECURITY.md

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
# NCI Standard Public Repository Security Policy
2+
3+
## Maintained Versions
4+
5+
Actively maintained versions of contained software will vary from repository to repository, or may not be relevant at all.
6+
The developers of this repository will update this section if any actively maintained versions of the software need to be publicly disclosed. Otherwise, contact the developers directly for any version information.
7+
8+
## Vulnerability Disclosure:
9+
10+
### Option 1: HHS Vulnerability Disclosure
11+
12+
Follow the instructions listed in the [HHS vulnerability disclosure policy](https://www.hhs.gov/vulnerability-disclosure-policy/index.html).
13+
14+
### Option 2: Private Vulnerability Report
15+
16+
1. Click on the **Security and quality** tab of this repository.
17+
2. Locate the **Report a vulnerability** button. If the button is not on the **Security and quality** landing page, look under the **Advisories** section in the side bar.
18+
3. Click the **Report a vulnerability** button and submit the form. The developers will receive a notification of your submission.
19+

0 commit comments

Comments
 (0)