docs/About-the-Project/Asterisk-Security-Vulnerabilities.md
Lines changed: 3 additions & 7 deletions
@@ -23,7 +23,7 @@ The Asterisk project takes the issue of its users security seriously. If you bel
23
23
The Issue Tracker is Public!
24
24
The [Asterisk Issue Tracker](https://github.com/asterisk/asterisk/issues) is a public site, and all bug reports against Asterisk can be viewed openly by the public. While this results in a transparent, open process - which is good - reporting a security vulnerability on the issue tracker without properly selecting "[Report a vulnerability](https://github.com/asterisk/asterisk/security/advisories/new)" on the [New Issue page](https://github.com/asterisk/asterisk/issues/new/choose) makes the entire Asterisk user community vulnerable.
25
25
26
-
Reporting a vulnerability will automatically restrict who can view the information. If you have any difficulties with that we'll help; please follow the instructions here and e-mail the team at [security@asterisk.org.](mailto:security@asterisk.org)
26
+
Reporting a vulnerability will automatically restrict who can view the information.
27
27
28
28
29
29
[//]: #(end-warning)
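Review bot: The replacement sentence at new line 26 removes the only fallback for a reporter who has difficulty with the "Report a vulnerability" form: the old text offered help and the security@asterisk.org address, and the new text offers nothing in its place. Since the context paragraph above warns that a wrongly filed report exposes the entire user community, either say what such a reporter should do instead or state explicitly that e-mail reports are no longer accepted.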
@@ -43,13 +43,9 @@ What Can Be Reported?
43
43
Reporting a Security Vulnerability
44
44
==================================
45
45
46
-
1. Send an e-mail to the Asterisk Development Team by e-mailing [security@asterisk.org.](mailto:security@asterisk.org) Include the following:
47
-
1. A summary of the suspected vulnerability, e.g., 'Remotely exploitable buffer overflow in the FOO channel driver'
48
-
2. A detailed explanation of how the vulnerability can be exploited and/or reproduced. Test drivers/cases that can be used to demonstrate the vulnerability are highly appreciated.
49
-
2. A developer will respond to your inquiry. If you'd like, e-mails can be signed and/or encrypted.
50
-
3. Once the developer confirms the security vulnerability is discussed and confirmed you will be asked to report a vulnerability on the Asterisk issue tracker. **You must use the "[Report a vulnerability](https://github.com/asterisk/asterisk/security/advisories/new)" option on the [New Issue page](https://github.com/asterisk/asterisk/issues/new/choose) or the information will be publicly disclosed.**
46
+
All security vulnerabilities should be reported on the GitHub project. **You must use the "[Report a vulnerability](https://github.com/asterisk/asterisk/security/advisories/new)" option on the [New Issue page](https://github.com/asterisk/asterisk/issues/new/choose) or the information will be publicly disclosed.**
51
47
52
-
Security vulnerabilities are treated seriously by the developer community, and the Asterisk Development Team always attempts to address vulnerabilities in a timely fashion. Sometimes, external influences may impact when a security release can be made; feel free to e-mail the developer assigned to the issue or [security@asterisk.org](mailto:security@asterisk.org) to discuss the schedule for a security release for your issue.
48
+
Security vulnerabilities are treated seriously by the developer community, and the Asterisk Development Team always attempts to address vulnerabilities in a timely fashion. Sometimes, external influences may impact when a security release can be made; feel free to comment on the security vulnerability to discuss the schedule for a security release for your issue.
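Review bot: The new paragraph at line 46 drops the guidance on what a report should contain; the removed list asked for a summary of the suspected vulnerability and a detailed explanation of how it can be exploited or reproduced, with test cases. Consider keeping those two items as a short list under the new sentence so reports arrive with enough detail to triage. Two wording points in the same hunk: "reported on the GitHub project" can be read as the public issue tracker until the bold sentence corrects it, and "comment on the security vulnerability" at new line 48 would be clearer if it named the advisory created through "Report a vulnerability" as the place to comment.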