mirror of
https://github.com/th30d4y/ExecuTrace.git
synced 2026-05-26 11:35:51 +00:00
Docs: add retro docs website, security policy, and automated hall-of-fame workflows
@@ -0,0 +1,36 @@
# Security Advisory Process
This document defines how ExecuTrace handles vulnerability advisories.
## Advisory Workflow
1. Receive private report
2. Triaging and severity assessment
3. Patch development and review
4. Coordinated release
5. Public advisory publication and attribution
## Severity Guide
- Critical: Remote execution, full compromise
- High: Privilege escalation, data exposure
- Medium: Significant abuse with constraints
- Low: Limited impact
## Attribution
Contributors and researchers who responsibly disclose verified vulnerabilities are added to:
- `website/data/security_hof.json`
- website Security Hall of Fame section
## Advisory Template
- Title
- Affected versions
- CVSS/severity
- Technical summary
- Reproduction
- Mitigation
- Fixed version
- Credits
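Review bot: step 1 of the Advisory Workflow ("Receive private report") never says where a private report is sent, so a researcher reading this file has no reporting channel; add the contact (a security mailbox, a PGP key reference, or the repository's private vulnerability reporting form) and an acknowledgement window next to that step, and state a disclosure timeline alongside step 4 ("Coordinated release") so reporters know when they may publish. The Severity Guide also gives only one-phrase descriptions ("Critical: Remote execution, full compromise") while the Advisory Template asks for "CVSS/severity"; tie each tier to a CVSS score range so triage in step 2 is reproducible rather than a judgement call.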