From 444c43d112d8ad5a8ae856d09d842caf3abf1f71 Mon Sep 17 00:00:00 2001 From: mattsb42-aws Date: Fri, 1 Nov 2019 13:44:57 -0700 Subject: [PATCH 01/10] fix GitHub capitalization issue --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b1b0694..5476ac2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -51,7 +51,7 @@ opensource-codeofconduct@amazon.com with any additional questions or comments. ## Security issue notifications -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. +If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue. ## Licensing From 795b4b61db33adf6a4c1e0d13b6ca7ff26f4faf7 Mon Sep 17 00:00:00 2001 From: mattsb42-aws Date: Fri, 1 Nov 2019 13:47:20 -0700 Subject: [PATCH 02/10] fix GitHub capitalizion issue in SECURITY --- SECURITY.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index d1a40a4..9d3b4f2 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,5 @@ ## Reporting a Vulnerability -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security -via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com. -Please do **not** create a public github issue. +If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security +via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com. +Please do **not** create a public GitHub issue. From b519dc3e2f7d52ed0a3b1bee6a17e0cf15513d6d Mon Sep 17 00:00:00 2001 From: James Siri <22601145+jamesiri@users.noreply.github.com> Date: Tue, 7 Apr 2020 10:50:31 -0700 Subject: [PATCH 03/10] Updating contribution doc Pulling the information about how to report security issues to the top of the file. --- CONTRIBUTING.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5476ac2..af52fc0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,6 +7,10 @@ Please read through this document before submitting any issues or pull requests information to effectively respond to your bug report or contribution. +## Security issue notifications +If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue. + + ## Reporting Bugs/Feature Requests We welcome you to use the GitHub issue tracker to report bugs or suggest features. @@ -50,10 +54,6 @@ For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of opensource-codeofconduct@amazon.com with any additional questions or comments. -## Security issue notifications -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue. - - ## Licensing See the LICENSE file for our project's licensing. We will ask you to confirm the licensing of your contribution. From 677e2710f7c81179e1b20e2f014a1b96ef0cbc35 Mon Sep 17 00:00:00 2001 From: Henri Yandell Date: Thu, 8 Oct 2020 16:27:02 -0700 Subject: [PATCH 04/10] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index af52fc0..3088637 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -57,5 +57,3 @@ opensource-codeofconduct@amazon.com with any additional questions or comments. ## Licensing See the LICENSE file for our project's licensing. We will ask you to confirm the licensing of your contribution. - -We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes. From b2915afbdee87809e119749c14df47d6723dd1a6 Mon Sep 17 00:00:00 2001 From: James Siri <22601145+jamesiri@users.noreply.github.com> Date: Wed, 28 Oct 2020 12:24:07 -0700 Subject: [PATCH 05/10] Updating branch name Removing master and replacing with main. --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3088637..8ac3edd 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -27,7 +27,7 @@ reported the issue. Please try to include as much information as you can. Detail ## Contributing via Pull Requests Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: -1. You are working against the latest source on the *master* branch. +1. You are working against the latest source on the *main* branch. 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. From 0e396f0a432db38e3e89062656001c17ec9c1ad3 Mon Sep 17 00:00:00 2001 From: jedigal <119687809+jedigal@users.noreply.github.com> Date: Tue, 21 Feb 2023 14:26:56 -0500 Subject: [PATCH 06/10] Update SECURITY.md Updating security.md file with new version based on feedback from stakeholders during security.txt/md project. --- SECURITY.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 9d3b4f2..7b7c45b 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,3 @@ -## Reporting a Vulnerability +## Reporting Security Issues -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security -via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com. -Please do **not** create a public GitHub issue. +We take all security reports seriously. When we receive such reports, we will investigate and subsequently address any potential vulnerabilities as quickly as possible. If you discover a potential security issue in this project, please notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to [AWS Security](mailto:aws-security@amazon.com). Please do *not* create a public GitHub issue in this project. From 0b296c8982d690d552d3a6f6ee512862b0934711 Mon Sep 17 00:00:00 2001 From: jedigal <119687809+jedigal@users.noreply.github.com> Date: Fri, 24 Feb 2023 16:07:32 -0500 Subject: [PATCH 07/10] Update SECURITY.md --- SECURITY.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 7b7c45b..75a3b51 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,11 @@ ## Reporting Security Issues -We take all security reports seriously. When we receive such reports, we will investigate and subsequently address any potential vulnerabilities as quickly as possible. If you discover a potential security issue in this project, please notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to [AWS Security](mailto:aws-security@amazon.com). Please do *not* create a public GitHub issue in this project. +We take all security reports seriously. +When we receive such reports, +we will investigate and subsequently address +any potential vulnerabilities as quickly as possible. +If you discover a potential security issue in this project, +please notify AWS/Amazon Security via our +[vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) +or directly via email to [AWS Security](mailto:aws-security@amazon.com). +Please do *not* create a public GitHub issue in this project. From 38fe74f8c494af1956311fafb0a5ebb77166b446 Mon Sep 17 00:00:00 2001 From: Ryan Nolette Date: Fri, 4 Oct 2024 08:23:27 -0400 Subject: [PATCH 08/10] added vdp link --- SECURITY.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 75a3b51..36fcee6 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,6 +6,8 @@ we will investigate and subsequently address any potential vulnerabilities as quickly as possible. If you discover a potential security issue in this project, please notify AWS/Amazon Security via our -[vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) +[AWS Vulnerability Disclosure Program](https://hackerone.com/aws_vdp) or directly via email to [AWS Security](mailto:aws-security@amazon.com). +For more information please view the +[AWS Vulnerability Reporting Page](http://aws.amazon.com/security/vulnerability-reporting/) Please do *not* create a public GitHub issue in this project. From 50c9d20e947526e91c07b05ce42bb85ab4b359ee Mon Sep 17 00:00:00 2001 From: Ryan Nolette Date: Fri, 4 Oct 2024 23:11:18 -0400 Subject: [PATCH 09/10] reformatted --- SECURITY.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 36fcee6..1339e29 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,13 +1,14 @@ ## Reporting Security Issues -We take all security reports seriously. -When we receive such reports, -we will investigate and subsequently address -any potential vulnerabilities as quickly as possible. -If you discover a potential security issue in this project, -please notify AWS/Amazon Security via our -[AWS Vulnerability Disclosure Program](https://hackerone.com/aws_vdp) -or directly via email to [AWS Security](mailto:aws-security@amazon.com). -For more information please view the -[AWS Vulnerability Reporting Page](http://aws.amazon.com/security/vulnerability-reporting/) -Please do *not* create a public GitHub issue in this project. +Amazon Web Services (AWS) is dedicated to the responsible investigation of security vulnerabilities. + +We kindly ask that you **do not** open a public GitHub issue to report security concerns. + +Instead, please use one of the following options: + +- Submit the issue to the AWS Vulnerability Disclosure Program via [HackerOne](https://hackerone.com/aws_vdp) +- Send your report via [email](mailto:aws-security@amazon.com) + +For more details, visit the [AWS Vulnerability Reporting Page](http://aws.amazon.com/security/vulnerability-reporting/). + +Thank you for working with us to protect our customers! From 060b36c64e1b5dffe1edfb8d6b5f7743b764aa6b Mon Sep 17 00:00:00 2001 From: Ryan Nolette Date: Mon, 7 Oct 2024 11:20:27 -0400 Subject: [PATCH 10/10] reformatted --- SECURITY.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 1339e29..929cbfa 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,14 +1,11 @@ ## Reporting Security Issues -Amazon Web Services (AWS) is dedicated to the responsible investigation of security vulnerabilities. +Amazon Web Services (AWS) is dedicated to the responsible disclosure of security vulnerabilities. We kindly ask that you **do not** open a public GitHub issue to report security concerns. -Instead, please use one of the following options: - -- Submit the issue to the AWS Vulnerability Disclosure Program via [HackerOne](https://hackerone.com/aws_vdp) -- Send your report via [email](mailto:aws-security@amazon.com) +Instead, please submit the issue to the AWS Vulnerability Disclosure Program via [HackerOne](https://hackerone.com/aws_vdp) or send your report via [email](mailto:aws-security@amazon.com). For more details, visit the [AWS Vulnerability Reporting Page](http://aws.amazon.com/security/vulnerability-reporting/). -Thank you for working with us to protect our customers! +Thank you in advance for collaborating with us to help protect our customers.