-
Notifications
You must be signed in to change notification settings - Fork 155
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into g-consulting-update
- Loading branch information
Showing
3 changed files
with
63 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| # Security Policy | ||
|
|
||
| As a U.S. Government agency, the General Services Administration (GSA) takes | ||
| seriously our responsibility to protect the public's information, including | ||
| financial and personal information, from unwarranted disclosure. | ||
|
|
||
| ## Reporting a Vulnerability | ||
|
|
||
| Services operated by the U.S. General Services Administration (GSA) | ||
| are covered by the **GSA Vulnerability Disclosure Program (VDP)**. | ||
|
|
||
| See the [GSA Vulnerability Disclosure Policy](https://gsa.gov/vulnerability-disclosure-policy) | ||
| at <https://www.gsa.gov/vulnerability-disclosure-policy> for details including: | ||
|
|
||
| * How to submit a report if you believe you have discovered a vulnerability. | ||
| * GSA's coordinated disclosure policy. | ||
| * Information on how you may conduct security research on GSA developed | ||
| software and systems. | ||
| * Important legal and policy guidance. | ||
|
|
||
| ### [Bug Bounties](https://hackerone.com/gsa_bbp) | ||
|
|
||
| Certain GSA/TTS programs have bug bounties that are not discussed at the above link. If you find security issues for any of the following domains: | ||
|
|
||
| * cloud.gov | ||
| * search.gov | ||
| * usa.gov | ||
| * 18f.gov | ||
| * fedramp.gov | ||
| * login.gov | ||
| * vote.gov | ||
|
|
||
| you should also review the [GSA Bug Bounty program](https://hackerone.com/gsa_bbp) at <https://hackerone.com/gsa_bbp/> for a potential bounty. | ||
|
|
||
| ## Supported Versions | ||
|
|
||
| Please note that only certain branches are supported with security updates. | ||
|
|
||
| | Version (Branch) | Supported | | ||
| | ---------------- | ------------------ | | ||
| | main | :white_check_mark: | | ||
| | other | :x: | | ||
|
|
||
| When using this code or reporting vulnerabilities please only use supported | ||
| versions. |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters