From 1794287f6286c758db831465550b794da30ec0da Mon Sep 17 00:00:00 2001 From: Anders Sollander Date: Fri, 13 Mar 2020 10:05:17 +0100 Subject: [PATCH] Updates to SECURITY.md --- RELEASENOTES.md | 3 +++ SECURITY.md | 54 +++++-------------------------------------------- 2 files changed, 8 insertions(+), 49 deletions(-) diff --git a/RELEASENOTES.md b/RELEASENOTES.md index 4774f40..5e98d07 100644 --- a/RELEASENOTES.md +++ b/RELEASENOTES.md @@ -1,5 +1,8 @@ # MATLAB Interface *for AWS Athena* - Release Notes +## Release 0.2.1 (March 13 2020) +* Updates to SECURITY.md + ## Release 0.2.0 -- Initial public release diff --git a/SECURITY.md b/SECURITY.md index bb81216..221952e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,50 +1,6 @@ -# Security Reporting +# Reporting Security Vulnerabilities -Report suspected security issues to `security@mathworks.com`. This mail is delivered to a small security team. For critical problems you may encrypt your report (see below). - -Please use a descriptive subject line for your report email. In addition, please include the following information along with your report: - -* Your name and affiliation (if any). -* A description of the technical details of the vulnerabilities. It is very important to let us know how we can reproduce your findings. -* An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This will help us evaluate your report quickly, especially if the issue is complex. -* Whether this vulnerability public or known to third parties. If it is, please provide details. - -If you believe that an existing (public) issue is security-related, please send an email to `security@mathworks.com`. The email should include the issue ID and a short description of why it should be handled according to this security policy. - -## Encryption key for `security@mathworks.com` - -If your disclosure is extremely sensitive, you may choose to encrypt your report using the key below. Please only use this for critical security reports. - -```text ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQENBF0LglQBCADajWuKG6vM/f7OpUX4MlW8PrP5v0+tpqxFzkP8JHazJbi8GmNH -ZZ2cgZg21gdCQlADTZ4V8bBXwZjewp43WtQmMai0kph8p3hZh0fQkQVQV4Nf6bHF -i/j4Y8x8v2J+jCjEV7a9H4eIx48h+FCP+jLMuVX3pGnhtBuAJzV4p29KsgWckIfc -FfJmWFDHuj28MFJL18YKA7v5U5v4L5NRWLemTa2psW5nNT8WGFOf+5A8r0d6xYKr -/kMljkPoB9wOWQt7btWZ7yVSIDA9z0dLPDXsbenrzSRXZATyriLMx4qG/FNfsCXA -pIAIhW3LL5630PjHTOd4g9ZMT1XVMhyM3ChBABEBAAG0K01hdGhXb3JrcyBTZWN1 -cml0eSA8c2VjdXJpdHlAbWF0aHdvcmtzLmNvbT6JAVQEEwEIAD4WIQR/LQ6Bsmf9 -bqqXE9EJSpA24sg5zQUCXQuCVAIbAwUJA8PjrAULCQgHAgYVCgkICwIEFgIDAQIe -AQIXgAAKCRAJSpA24sg5zbWaCACzJmNcWySgTfRp6aLEuN0shyQkVi85h/jLj8go -tnDVcGYZOe53gZw+oTUugdL4TJE0vVXaGsQ/0Jc7hiSGfKHMpU/pXNBmxZOfcUmi -OVG1nAxj1ulvyImUUhahaMSeBtnlYwK/LTipD43AFwVm/h/wMA08Empm/0WeZhvo -NOEsIuales8OxyUK3z+8p0407K6LIlWp5sy5NbhLEA7AXtIcGPV/V9CCytZ9P/Xm -evuHjxnAnV8fGOxgb5zjTKNL1+Rx03DWz2sW1qT2/5kxic2zTUDbMUBbu4p63d5e -BbPBvWwt4GIAdmqMDnb8j6YSp7UgULf3sertDYQbNfNgTk14uQENBF0LglQBCACl -I61kKmTnHex7eRtgMLXRTHcxU7jJFyTsJvbH9V1tNRH3BvRpP5omr2gnuO8/b4jA -QPiKJ26xSTIzAiiFkfte/oyCgBjLDwDwfKPF6VRd8tDGxK6f/jnIir5GVWcz6cWB -n2CkmusCeft6T6uOKCsPWzzft1aDVC+O1h5vEW5wUaWU6wzD5o68YoR2vSLVdh7I -u70QvCdxH9MAFPzWxKwbKsl89z6k6rUWFsruZ/x/Z80qvxm6z3bC9fitm9MZD8zX -prtiDJjMTDvuvkltwq6O4r/aVvX4eidkV5kcVacXEJbp25ahwDw/4EZEji8d34Zg -QuNdxQQP+ciFjoSTJZfpABEBAAGJATwEGAEIACYWIQR/LQ6Bsmf9bqqXE9EJSpA2 -4sg5zQUCXQuCVAIbDAUJA8PjrAAKCRAJSpA24sg5zX1jCADFZrmOpigz3n0LEzJI -zRI9i7xOI/OMCZtONqN+TBZqA/d2lXUo0ImTj+DJ48N+t9nmnCUoB33Khal/oa2S -PZTAzkBHtCp+3Ecao/Lb2iUA2Izuv+k3W+3IetCFFVDRWkouFJ0Ht/mZPuas4+3L -3fEKR84Abrk7HJKNlKhJzcKXvyfgR/LR4MUCUFIqI+w13Rnre2KXHRTEECc6I24z -uEOgpp9WFg4NxHZUwhqpIErGwB2DoDcc+ZnK7CzX1Au/rURmkVikHjMKov0tQmC4 -r1M0pUb9IcBHwr7gEtp3DbeSXYH3BpLA1sF4OY+evae9VGhj4Gm7E7ILewar1HRG -CZMv -=99fE ------END PGP PUBLIC KEY BLOCK----- -``` +If you believe you have discovered a security vulnerability, please report it to +[security@mathworks.com](mailto:security@mathworks.com). Please see +[MathWorks Vulnerability Disclosure Policy for Security Researchers](https://www.mathworks.com/company/aboutus/policies_statements/vulnerability-disclosure-policy.html) +for additional information. \ No newline at end of file