|
1 | 1 | # Security Policy |
2 | 2 |
|
3 | | -## Reporting a Vulnerability |
| 3 | +This Eclipse Foundation Project adheres to the [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/security/policy/). |
4 | 4 |
|
5 | | -Please report vulnerabilities to the Eclipse Foundation Security Team at |
6 | | -security@eclipse.org |
| 5 | +## How To Report a Vulnerability |
| 6 | + |
| 7 | +If you think you have found a vulnerability in this repository, please report it to us through coordinated disclosure. |
| 8 | + |
| 9 | +**Please do not report security vulnerabilities through public issues, discussions, or change requests.** |
| 10 | + |
| 11 | +Instead, report it using one of the following ways: |
| 12 | + |
| 13 | +* Create a [confidential issue](https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/new?issuable_template=new_vulnerability) in the Eclipse Foundation Vulnerability Reporting Tracker |
| 14 | + |
| 15 | +You can find more information about reporting and disclosure at the [Eclipse Foundation Security page](https://www.eclipse.org/security/). |
| 16 | + |
| 17 | +Please include as much of the information listed below as you can to help us better understand and resolve the issue: |
| 18 | + |
| 19 | +* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting) |
| 20 | +* Affected version(s) |
| 21 | +* Impact of the issue, including how an attacker might exploit the issue |
| 22 | +* Step-by-step instructions to reproduce the issue |
| 23 | +* The location of the affected source code (tag/branch/commit or direct URL) |
| 24 | +* Full paths of source file(s) related to the manifestation of the issue |
| 25 | +* Configuration required to reproduce the issue |
| 26 | +* Log files that are related to this issue (if possible) |
| 27 | +* Proof-of-concept or exploit code (if possible) |
| 28 | + |
| 29 | +This information will help us triage your report more quickly. |
0 commit comments