Skip to content

Commit 3fc131a

Browse files
blowdartakoeplingerbartonjsCopilot
authored
Revise security policy details and reporting process (#121313)
Removed second mention of email, updated link titles, edited follow-up process. --------- Co-authored-by: Alexander Köplinger <[email protected]> Co-authored-by: Jeremy Barton <[email protected]> Co-authored-by: Copilot <[email protected]>
1 parent 8b0e1d6 commit 3fc131a

File tree

1 file changed

+8
-5
lines changed

1 file changed

+8
-5
lines changed

SECURITY.md

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2,14 +2,17 @@
22

33
## Supported Versions
44

5-
The .NET Core and ASP.NET Core support policy, including supported versions can be found at the [.NET Core Support Policy Page](https://dotnet.microsoft.com/platform/support/policy/dotnet-core).
5+
The .NET, .NET Core and ASP.NET Core support policy, including supported versions can be found at the [.NET and .NET Core Support Policy Page](https://dotnet.microsoft.com/platform/support/policy/dotnet-core).
66

77
## Reporting a Vulnerability
88

9+
**Please do not open issues on GitHub for anything you think might have a security implication.**
10+
911
Security issues and bugs should be reported privately to the Microsoft Security Response Center (MSRC), via the [MSRC Researcher Portal](https://msrc.microsoft.com/report/vulnerability/new).
10-
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your
11-
original message. Further information can be found in the [MSRC Report an Issue FAQ](https://www.microsoft.com/en-us/msrc/faqs-report-an-issue).
1212

13-
Reports via MSRC may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at [https://aka.ms/corebounty](https://aka.ms/corebounty).
13+
You should receive a response within 24 hours. If for some reason you do not, please follow up via the [MSRC Researcher Portal](https://msrc.microsoft.com/report/vulnerability/), using the Message functionality found at the bottom of the Activity tab on your vulnerability report.
14+
15+
Further information can be found in the MSRC [Report an issue and submission guidelines](https://www.microsoft.com/en-us/msrc/faqs-report-an-issue).
16+
17+
Reports via MSRC may qualify for the Microsoft .NET Bug Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at [https://aka.ms/corebounty](https://aka.ms/corebounty).
1418

15-
Please do not open issues for anything you think might have a security implication.

0 commit comments

Comments
 (0)