From 3398cc933015e325750349483f3ac3384aaa418c Mon Sep 17 00:00:00 2001 From: mpope13 <120727303+mpope13@users.noreply.github.com> Date: Wed, 4 Mar 2026 13:07:13 +0000 Subject: [PATCH 1/3] Include vulnerability reporting guidelines Added section on vulnerability reporting and its importance. --- source/standards/practices/Public-Repositories.html.md.erb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source/standards/practices/Public-Repositories.html.md.erb b/source/standards/practices/Public-Repositories.html.md.erb index f7457ef7..245f8d22 100644 --- a/source/standards/practices/Public-Repositories.html.md.erb +++ b/source/standards/practices/Public-Repositories.html.md.erb @@ -17,6 +17,12 @@ Use the links below as a guide to support decision making in relation to code in - [Code in Private Repo Exception Process] (https://tools.hmcts.net/confluence/spaces/DATS/pages/1903995831/3.+Code+in+Private+Repo+Exception+Process) – How to request and manage exceptions for private repositories. +Vulnerability reporting + +A SECURITY.md file defines a project's vulnerability reporting process, giving researchers a private, responsible disclosure channel instead of public issue trackers. It sets clear expectations around supported versions and response timelines, reduces exploitation risk, builds community trust, and signals security maturity — recognized natively by platforms like GitHub. + +A template file can be found below +link to security.md file here Use these guidelines to keep your code reliable, secure, and compliant. From d18b9ae14b9f1cd801364a44e722761aa6bd17c1 Mon Sep 17 00:00:00 2001 From: mpope13 <120727303+mpope13@users.noreply.github.com> Date: Thu, 5 Mar 2026 12:17:35 +0000 Subject: [PATCH 2/3] Update Public-Repositories.html.md.erb --- .../standards/practices/Public-Repositories.html.md.erb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
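Review bot: The placeholder `link to security.md file here` in the added block is committed as page content, so the rendered page shows an editor's note where the link should be; either insert the real link or drop `A template file can be found below` until the template exists. The new `Vulnerability reporting` line is also plain text in a markdown page, so it renders as a paragraph rather than a section heading; mark it as a heading in the page's own style. While this list is being touched, the unchanged context entries such as `- [Code in Private Repo Exception Process] (https://tools.hmcts.net/...)` have a space between `]` and `(`, which markdown does not treat as a link, so both guidance links currently render as literal brackets followed by a URL.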
diff --git a/source/standards/practices/Public-Repositories.html.md.erb b/source/standards/practices/Public-Repositories.html.md.erb index 245f8d22..09c91fb9 100644 --- a/source/standards/practices/Public-Repositories.html.md.erb +++ b/source/standards/practices/Public-Repositories.html.md.erb @@ -19,10 +19,14 @@ Use the links below as a guide to support decision making in relation to code in Vulnerability reporting -A SECURITY.md file defines a project's vulnerability reporting process, giving researchers a private, responsible disclosure channel instead of public issue trackers. It sets clear expectations around supported versions and response timelines, reduces exploitation risk, builds community trust, and signals security maturity — recognized natively by platforms like GitHub. +A SECURITY.md file defines a projects vulnerability reporting process, giving researchers a private, responsible disclosure channel instead of public issue trackers. It sets clear expectations around supported versions and response timelines, reduces exploitation risk, builds community trust, and signals security maturity — recognized natively by platforms like GitHub. A template file can be found below -link to security.md file here + +The security.md template file can be found in the link below + +https://github.com/hmcts/hmcts.github.io/blob/main/security.md + Use these guidelines to keep your code reliable, secure, and compliant. From ffd44143293a2e510bb11efa6b0142437cbbaee2 Mon Sep 17 00:00:00 2001 From: mpope13 <120727303+mpope13@users.noreply.github.com> Date: Thu, 5 Mar 2026 12:20:03 +0000 Subject: [PATCH 3/3] Update Public-Repositories.html.md.erb for security info Removed the section on Code in Private Repo Exception Process and added a new section on Vulnerability reporting with relevant details. --- source/standards/practices/Public-Repositories.html.md.erb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) 
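Review bot: The change to the opening sentence is a regression: `A SECURITY.md file defines a project's vulnerability reporting process` becomes `defines a projects vulnerability reporting process`, dropping the possessive apostrophe; restore `project's`. The hunk also leaves two consecutive sentences saying the same thing, `A template file can be found below` and `The security.md template file can be found in the link below`; keep one. The template link is a bare URL while the rest of the page writes links in markdown, and the filename is written `security.md` here but `SECURITY.md` in the paragraph above; use one casing (GitHub documents the file as `SECURITY.md`, placed in the repository root, `docs/`, or `.github/`) so readers copy the template to the name and location the platform looks for.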
diff --git a/source/standards/practices/Public-Repositories.html.md.erb b/source/standards/practices/Public-Repositories.html.md.erb index 09c91fb9..d026ef4e 100644 --- a/source/standards/practices/Public-Repositories.html.md.erb +++ b/source/standards/practices/Public-Repositories.html.md.erb @@ -15,14 +15,10 @@ Use the links below as a guide to support decision making in relation to code in - [Pre-release Code Checklist] (https://tools.hmcts.net/confluence/spaces/DATS/pages/1903995798/2.+Pre-release+code+checklist) – Steps to validate code is suitable to be released into a public repository. -- [Code in Private Repo Exception Process] (https://tools.hmcts.net/confluence/spaces/DATS/pages/1903995831/3.+Code+in+Private+Repo+Exception+Process) – How to request and manage exceptions for private repositories. - -Vulnerability reporting +## Vulnerability reporting A SECURITY.md file defines a projects vulnerability reporting process, giving researchers a private, responsible disclosure channel instead of public issue trackers. It sets clear expectations around supported versions and response timelines, reduces exploitation risk, builds community trust, and signals security maturity — recognized natively by platforms like GitHub. -A template file can be found below - The security.md template file can be found in the link below https://github.com/hmcts/hmcts.github.io/blob/main/security.md
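Review bot: Removing `- [Code in Private Repo Exception Process] (https://tools.hmcts.net/confluence/spaces/DATS/pages/1903995831/3.+Code+in+Private+Repo+Exception+Process)` leaves the page with no route for a team that needs to keep code private, and neither the hunk nor the commit message explains why; the remaining links are steps 2 and 3 of the same numbered Confluence series, so if the exception process still exists keep the link, and if it has been retired say so on the page so readers do not go looking for it. The `## Vulnerability reporting` heading fixes the plain-text heading from the first patch, but the section still only describes what a SECURITY.md does; as a standards page it should state the expectation (that a public repository includes one, and where it lives) rather than leave the reader to infer it. The sentence below the heading still reads `a projects vulnerability reporting process` (should be `project's`), and the template remains a bare URL rather than a markdown link like the entries above it.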