From 38fe74f8c494af1956311fafb0a5ebb77166b446 Mon Sep 17 00:00:00 2001 From: Ryan Nolette Date: Fri, 4 Oct 2024 08:23:27 -0400 Subject: [PATCH 1/3] added vdp link --- SECURITY.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 75a3b51e..36fcee6a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,6 +6,8 @@ we will investigate and subsequently address any potential vulnerabilities as quickly as possible. If you discover a potential security issue in this project, please notify AWS/Amazon Security via our -[vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) +[AWS Vulnerability Disclosure Program](https://hackerone.com/aws_vdp) or directly via email to [AWS Security](mailto:aws-security@amazon.com). +For more information please view the +[AWS Vulnerability Reporting Page](http://aws.amazon.com/security/vulnerability-reporting/) Please do *not* create a public GitHub issue in this project. From 50c9d20e947526e91c07b05ce42bb85ab4b359ee Mon Sep 17 00:00:00 2001 From: Ryan Nolette Date: Fri, 4 Oct 2024 23:11:18 -0400 Subject: [PATCH 2/3] reformatted --- SECURITY.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 36fcee6a..1339e295 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,13 +1,14 @@ ## Reporting Security Issues -We take all security reports seriously. -When we receive such reports, -we will investigate and subsequently address -any potential vulnerabilities as quickly as possible. -If you discover a potential security issue in this project, -please notify AWS/Amazon Security via our -[AWS Vulnerability Disclosure Program](https://hackerone.com/aws_vdp) -or directly via email to [AWS Security](mailto:aws-security@amazon.com). -For more information please view the -[AWS Vulnerability Reporting Page](http://aws.amazon.com/security/vulnerability-reporting/) -Please do *not* create a public GitHub issue in this project. +Amazon Web Services (AWS) is dedicated to the responsible investigation of security vulnerabilities. + +We kindly ask that you **do not** open a public GitHub issue to report security concerns. + +Instead, please use one of the following options: + +- Submit the issue to the AWS Vulnerability Disclosure Program via [HackerOne](https://hackerone.com/aws_vdp) +- Send your report via [email](mailto:aws-security@amazon.com) + +For more details, visit the [AWS Vulnerability Reporting Page](http://aws.amazon.com/security/vulnerability-reporting/). + +Thank you for working with us to protect our customers! From 060b36c64e1b5dffe1edfb8d6b5f7743b764aa6b Mon Sep 17 00:00:00 2001 From: Ryan Nolette Date: Mon, 7 Oct 2024 11:20:27 -0400 Subject: [PATCH 3/3] reformatted --- SECURITY.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 1339e295..929cbfa6 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,14 +1,11 @@ ## Reporting Security Issues -Amazon Web Services (AWS) is dedicated to the responsible investigation of security vulnerabilities. +Amazon Web Services (AWS) is dedicated to the responsible disclosure of security vulnerabilities. We kindly ask that you **do not** open a public GitHub issue to report security concerns. -Instead, please use one of the following options: - -- Submit the issue to the AWS Vulnerability Disclosure Program via [HackerOne](https://hackerone.com/aws_vdp) -- Send your report via [email](mailto:aws-security@amazon.com) +Instead, please submit the issue to the AWS Vulnerability Disclosure Program via [HackerOne](https://hackerone.com/aws_vdp) or send your report via [email](mailto:aws-security@amazon.com). For more details, visit the [AWS Vulnerability Reporting Page](http://aws.amazon.com/security/vulnerability-reporting/). -Thank you for working with us to protect our customers! +Thank you in advance for collaborating with us to help protect our customers.