mirror of
https://github.com/cisagov/manage.get.gov.git
synced 2025-08-02 07:52:15 +02:00
revise SECURITY.md
Revise and reformat, move VDP link lower in the doc
This commit is contained in:
parent
7d2a44226a
commit
7563cff1c0
1 changed files with 4 additions and 2 deletions
6
.github/SECURITY.md
vendored
6
.github/SECURITY.md
vendored
|
@ -1,3 +1,5 @@
|
|||
If you've found a security or privacy issue on the .gov top-level domain infrastructure, email dotgov@cisa.dhs.gov.
|
||||
* If you've found a security or privacy issue on the **.gov top-level domain infrastructure**, submit it to our [vulnerabilty disclosure form](https://forms.office.com/Pages/ResponsePage.aspx?id=bOfNPG2UEkq7evydCEI1SqHke9Gh6wJEl3kQ5EjWUKlUMTZZS1lBVkxHUzZURFpLTkE2NEJFVlhVRi4u) or email dotgov@cisa.dhs.gov.
|
||||
* If you see a security or privacy issue on **an individual .gov domain**, check [current-full.csv](https://flatgithub.com/cisagov/dotgov-data/blob/main/?filename=current-full.csv) or [Whois](https://domains.dotgov.gov/dotgov-web/registration/whois.xhtml) (same data) to check whether the domain has a security contact to report your finding directly. You are welcome to Cc dotgov@cisa.dhs.gov on the email.
|
||||
* If you are unable to find a contact or receive no response from the security contact, email dotgov@cisa.dhs.gov.
|
||||
|
||||
If you see a security or privacy issue on a .gov domain, check [current-full.csv]([url](https://github.com/cisagov/dotgov-data/blob/main/current-full.csv)) or whois (same data) to see if the domain has a security contact. Most [federal (executive branch) agencies]([url](https://github.com/cisagov/vdp-in-fceb/)) also have a vulnerability disclosure policy. If you are unable to find a contact or receive no response from the security contact, you may email dotgov@cisa.dhs.gov.
|
||||
Note that most federal (executive branch) agencies maintain a [vulnerability disclosure policy](https://github.com/cisagov/vdp-in-fceb/).
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue