From 30ad3f0fd1fa5c4616c58815957f554dddb46e12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mislav=20Marohni=C4=87?= Date: Wed, 9 Nov 2022 20:07:56 +0100 Subject: [PATCH] Fix SECURITY.md --- .github/SECURITY.md | 13 ++++++++++++- SECURITY.md | 11 ----------- 2 files changed, 12 insertions(+), 12 deletions(-) delete mode 100644 SECURITY.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 27170f564..15f909b71 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -1,3 +1,14 @@ -If you discover a security issue in this repository, please submit it through the [GitHub Security Bug Bounty](https://hackerone.com/github). +GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [cli](https://github.com/cli). + +If you believe you have found a security vulnerability in GitHub CLI, you can report it to us in one of two ways: + +* Report it to this repository directly using [private vulnerability reporting][]. Such reports are not eligible for a bounty reward. + +* Submit the report through [HackerOne][] to be eligible for a bounty reward. + +**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** Thanks for helping make GitHub safe for everyone. + + [private vulnerability reporting]: https://github.com/cli/cli/security/advisories + [HackerOne]: https://hackerone.com/github diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index d9ca9342c..000000000 --- a/SECURITY.md +++ /dev/null 
@@ -1,11 +0,0 @@ -GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). - -If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. - -If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). - -If the vulnerability you have found is [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through [HackerOne](https://hackerone.com/github) in order to be eligible to receive a bounty award. - -**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** - -Thanks for helping make GitHub safe for everyone.
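Review bot: In the `.github/SECURITY.md` hunk, the HackerOne bullet states that a report submitted there is "eligible for a bounty reward" with no scope qualifier, whereas the root file removed by this patch linked to https://bounty.github.com/#scope and told reporters to use private vulnerability reporting when a finding is not in scope. Consider keeping the scope link on the HackerOne bullet so a reporter can check eligibility before choosing a channel. The `[private vulnerability reporting]` reference also points at the repository's advisories page (`https://github.com/cli/cli/security/advisories`) and drops the docs.github.com guide on privately reporting a vulnerability that the removed text linked; retaining that guide next to the first bullet would tell a first-time reporter how to file.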
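Review bot: The removal of the root `SECURITY.md` has no stated rationale: the subject "Fix SECURITY.md" does not say what was wrong, and the patch carries no commit body. From the hunks, two policy files existed with different instructions (the old `.github/SECURITY.md` pointed only to HackerOne, the root file offered two channels), and this change merges them into the `.github/` copy. A short commit body saying that, and why the `.github/` location is the one kept, would make the change understandable from the log without reading both diffs.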