UNPKG

vsce/SECURITY.md

Version:

2.77 kBMarkdownView Raw

1<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->
2
3## Security
4
5Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
6
7If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](<https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)>), please report it to us as described below.
8
9## Reporting Security Issues
10
11**Please do not report security vulnerabilities through public GitHub issues.**
12
13Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
14
15If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
16
17You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
18
19Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
20
21- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
22- Full paths of source file(s) related to the manifestation of the issue
23- The location of the affected source code (tag/branch/commit or direct URL)
24- Any special configuration required to reproduce the issue
25- Step-by-step instructions to reproduce the issue
26- Proof-of-concept or exploit code (if possible)
27- Impact of the issue, including how an attacker might exploit the issue
28
29This information will help us triage your report more quickly.
30
31If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
32
33## Preferred Languages
34
35We prefer all communications to be in English.
36
37## Policy
38
39Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
40
41<!-- END MICROSOFT SECURITY.MD BLOCK -->

1	`<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->`
2
3	`## Security`
4
5	`Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).`
6
7	`If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](<https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)>), please report it to us as described below.`
8
9	`## Reporting Security Issues`
10
11	`Please do not report security vulnerabilities through public GitHub issues.`
12
13	`Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).`
14
15	`If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).`
16
17	`You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).`
18
19	`Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:`
20
21	`- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)`
22	`- Full paths of source file(s) related to the manifestation of the issue`
23	`- The location of the affected source code (tag/branch/commit or direct URL)`
24	`- Any special configuration required to reproduce the issue`
25	`- Step-by-step instructions to reproduce the issue`
26	`- Proof-of-concept or exploit code (if possible)`
27	`- Impact of the issue, including how an attacker might exploit the issue`
28
29	`This information will help us triage your report more quickly.`
30
31	`If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.`
32
33	`## Preferred Languages`
34
35	`We prefer all communications to be in English.`
36
37	`## Policy`
38
39	`Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).`
40
41	`<!-- END MICROSOFT SECURITY.MD BLOCK -->`