Update MSRC Reporting Process #121303
Pull Request Overview
This PR updates the security vulnerability reporting instructions in both SECURITY.md and README.md files. The changes modernize the reporting process by directing users to the MSRC Researcher Portal instead of email, and streamline the documentation by removing references to the now-obsolete PGP key.
Key changes:
- Replaces email-based reporting ([email protected]) with a direct link to the MSRC Researcher Portal
- Removes outdated references to the MSRC PGP key from both files
- Maintains consistency in security reporting guidance across documentation
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| SECURITY.md | Updates vulnerability reporting method to use MSRC Researcher Portal and removes PGP key reference |
| README.md | Aligns security reporting instructions with SECURITY.md changes, replacing email with portal link |

@dotnet-policy-service agree company="HeroDevs, LLC"

Thank you for noticing this, but it's a template for all .NET Foundation repositories. The infra team should be responsible to apply the change for the whole organization.

Tagging subscribers to this area: @dotnet/area-meta

/ba-g markdown changes only

@huoyaoyuan there's going to be a central process for updating the file, but it will take some time. We can take this change in the meantime

MSRC no longer directly accepts e-mail submissions via [email protected]. Submissions must be reported via the MSRC portal or a one-time token for e-mail submission obtained from the MSRC portal.
This proposal updates the README.md and SECURITY.md to reflect these changes.