diff --git a/SECURITY.md b/SECURITY.md index 5c52c46..ccca43d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,11 +2,9 @@ # Security Policy -## Supported Versions - -**2024-09-04 Status**: At this time there are no code releases for which there +**2024-09-18 Status**: At this time there are no code releases for which there need be any vulnerability and exploit concerns. Current repository content consists of text files and web documentation of an @@ -15,6 +13,8 @@ experimental/provisional nature with limited use of SML for proofs-of-concept. Most considerations of errors and defects can be handled using the project Issues and Discussion topics. Pull-requests are generally unwarranted at this time. + +## Supported Versions | Version | Supported | | ------- | ------------------ | @@ -22,15 +22,16 @@ time. ## Reporting a Vulnerability -If you believe there is need to engage in a private discussion about a -potential threat or threat-surface defect, please use the GitHub -vulnerability reporting provision of this repository/project Security tab. +To privately report an exploitable vulnerability or exposed threat-surface of +the Miser Project, please use the GitHub vulnerability reporting provision of +at the +[Miser Project Security](https://github.com/orcmid/miser/security) tab. -If you are unable to exercise that capability, or prefer private email -communication, send a digitally-signed plaintext email to -[orcmid](mailto:orcmid@msn.com). +If you are unable to exercise that capability, or prefer private email communication, +send a digitally-signed plaintext email to [orcmid](mailto:orcmid@msn.com). -If you have concerns about email security/privacy, enclose an ASCII-armored -PGP-encrypted text file using the +If you have reservations about email security/privacy, enclose an +ASCII-armored file PGP-encrypted using the [orcmid Apache](https://people.apache.org/keys/committer/orcmid.asc) -public key. +public key. If you wish encrypted responses, also sign that email in order for +your public key to be known.