Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Relocate vulnerability disclosure policy to https://security-guidance.service.justice.gov.uk/ #296

Open
cybersquirrel opened this issue Feb 14, 2022 · 2 comments
Open

Relocate vulnerability disclosure policy to https://security-guidance.service.justice.gov.uk/ #296

cybersquirrel opened this issue Feb 14, 2022 · 2 comments

Comments

@cybersquirrel
Copy link
Contributor

For various historic and dull reasons, our original vulnerability disclosure policy was put (and is still) here:
https://mojdigital.blog.gov.uk/vulnerability-disclosure-policy/

In practice there's no real reason why we couldn't have it under https://security-guidance.service.justice.gov.uk/ now. I know it felt odd to link off of gov.uk when it was originally established, and our guidance and policy wasn't under .gov.uk, but that has now changed.

This would also need a tweak to our security.txt files, and the hall of fame content moving over too.
@warmanaMOJ
Copy link
Contributor

Absolutely - although we might also consider:

https://www.gov.uk/help/report-vulnerability

... including the possibility of a dedicated sub-page, similar to:

https://www.gov.uk/guidance/report-a-vulnerability-on-a-dwp-system.

@cybersquirrel
Copy link
Contributor Author

Yes that would be fine, but wouldn't want to lose the hall of fame element.

@warmanaMOJ warmanaMOJ mentioned this issue Feb 16, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@warmanaMOJ @cybersquirrel