Skip to content

Update security issue reporting instructions #64491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 22, 2025
Merged

Update security issue reporting instructions #64491

merged 3 commits into from
Nov 22, 2025
+6 −4

Conversation

@danroth27
Copy link
Member

@danroth27 danroth27 commented Nov 21, 2025

@github-actions github-actions bot added the needs-area-label Used by the dotnet-issue-labeler to label those issues which couldn't be triaged automatically label Nov 21, 2025
Copilot finished reviewing on behalf of danroth27 November 21, 2025 21:29
Copilot AI reviewed Nov 21, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the security issue reporting instructions in SECURITY.md and README.md to align with the dotnet/runtime repository's approach. The changes modernize the reporting process by directing users to the MSRC Researcher Portal instead of email-based reporting, and remove outdated references to PGP keys.

Key changes:

  • Replaces email-based security reporting ([email protected]) with the MSRC Researcher Portal web form
  • Updates FAQ links from the old TechCenter to current MSRC FAQ pages
  • Adds cross-reference between README.md and SECURITY.md for better documentation navigation
  • Includes reference to the Microsoft .NET Bounty Program in README.md

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
SECURITY.md Updates vulnerability reporting method from email to MSRC Researcher Portal, modernizes FAQ link, removes PGP key reference
README.md Updates security reporting instructions to match SECURITY.md, adds cross-reference to SECURITY.md, adds bounty program link

danroth27
danroth27 commented Nov 21, 2025
View reviewed changes
@build-analysis build-analysis bot mentioned this pull request Nov 21, 2025
Open
@adityamandaleeka adityamandaleeka merged commit 0d10296 into main Nov 22, 2025
30 checks passed
@adityamandaleeka adityamandaleeka deleted the danroth27/security branch November 22, 2025 17:18
@dotnet-policy-service dotnet-policy-service bot added this to the 11.0-preview1 milestone Nov 22, 2025
@dotnet-maestro dotnet-maestro bot mentioned this pull request Nov 23, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@adityamandaleeka adityamandaleeka adityamandaleeka approved these changes

@blowdart blowdart blowdart approved these changes

Assignees

No one assigned

Labels

needs-area-label Used by the dotnet-issue-labeler to label those issues which couldn't be triaged automatically

Projects

None yet

Milestone

11.0-preview1

Development

Successfully merging this pull request may close these issues.

Security policy should probably not be listing an e-mail address

4 participants

@danroth27 @adityamandaleeka @blowdart