Skip to content
This repository has been archived by the owner on Nov 10, 2022. It is now read-only.

Commit

Permalink
Move vuln disclosure RFC to PROPOSED
Browse files Browse the repository at this point in the history
- Final tweaks and typo corrections
- Move vuln disclosure RFC directory to root of RFC directory (we
  have done away with the "concepts" etc. directories)
  • Loading branch information
axelsimon authored and enarxbot committed Jul 29, 2020
1 parent 6a93515 commit bf7b0c4
Showing 1 changed file with 15 additions and 14 deletions.
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
# RFC00004: Vulnerability Disclosure and Embargo Policy
# 00002: Vulnerability Disclosure and Embargo Policy
- Authors: [axel simon]([email protected])
- Status: [PROPOSED](/README.md#proposed)
- Since: 2020-03-10
- Status Note: under discussion
- Status Note: ready to be trialed
- Supersedes: N/A
- Start Date: 2020-03-03 (date you started working on this idea)
- Start Date: 2020-03-03
- Tags: security, infrastructure

## Summary
Expand Down Expand Up @@ -42,7 +42,7 @@ In other words:
## Tutorial

This RFC aims to provide a set of documents (ex. wiki pages) that describe the
Enarx vulnerability disclosure policy - including the use of embargos - and
Enarx vulnerability disclosure policy - including the use of embargoes - and
the list of security advisories and fixes.

The two pages are "Vulnerability Reporting and Embargo Policy" and "Enarx
Expand Down Expand Up @@ -238,14 +238,15 @@ We could offer further official channels for secure communication and
disclosure.

Some ideas are:
- Github: work with Github on security issues reporting (WIP)
- Use RocketChat, our current [chat platform](https://chat.enarx.dev) RocketChat's capacity for with end-to-end
encryptted conversations.
- [Keybase](https://keybase.io/encrypt) messaging
- [Signal](https://signal.org): raises question which account (ie: phone number)
- A OMEMO or OTR enabled Jabber / XMPP account (OMEMO offering the advantage
of allowing to establish a secure channel without both participants being
online)
- Github: work with Github on security issues reporting (WIP).
- Use RocketChat, our current [chat platform](https://chat.enarx.dev), in
particular its capacity for end-to-end encrypted conversations.
- [Keybase](https://keybase.io/encrypt) messaging.
- [Signal](https://signal.org): raises question which account (ie: currently,
an associated phone number).
- A [OMEMO](https://conversations.im/omemo/) or OTR enabled Jabber / XMPP
account (OMEMO offering the advantage of allowing to establish a secure
channel without both participants being online).
- [Secure Drop](https://securedrop.org/) (initially designed for as a way to
share and accept documents securely for news organisations, likely overkill)
- A simpler drop box over HTTPS
share and accept documents securely for news organisations, likely overkill).
- A simpler drop box over HTTPS.

0 comments on commit bf7b0c4

Please sign in to comment.