Skip to content

Commit

Permalink
Update SECURITY.md (#3440)
Browse files Browse the repository at this point in the history
* Update SECURITY.md
  • Loading branch information
achalker authored Mar 21, 2024
1 parent 352f124 commit 25d3d02
Showing 1 changed file with 3 additions and 7 deletions.
10 changes: 3 additions & 7 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Security Policy

This document outlines security procedures and general policies for the `OnDemand`
This document outlines security procedures and general policies for the `Open OnDemand`
project.

## Reporting a Vulnerability
Expand All @@ -26,12 +26,8 @@ involving the following steps:
## Comments on this Policy

If you have suggestions on how this process could be improved please submit
a ticket, open a [Discorse](https://discourse.osc.edu/) topic or open a pull request.
a ticket, open a [Discourse](https://discourse.openondemand.org/) topic or open a pull request.

## Security Audits

[Trusted CI](https://trustedci.org/), the NSF Cybersecurity Center of
Excellence, conducted an in-depth vulnerability assessment of Open OnDemand, completing
it in December 2018. This assessment included a careful review of the code, increasing
our confidence in its security. The Ohio Supercomputing Center addressed the implementation
issues (bugs) that were found during this review, producing a more robust revision of Open OnDemand.
The Open OnDemand core development team has had several engagements with [Trusted CI](https://trustedci.org/), the NSF Cybersecurity Center of Excellence. The first engagement was in 2018, during which Trusted CI conducted an in-depth vulnerability assessment and identified a few implementation issues that the Open OnDemand developers subsequently addressed. [A report of that 2018 engagement is available here.](https://openondemand.org/trustedci-2018) The next engagement was in early 2021 and had three objectives: (1) integrate security automation into DevOps flows; (2) transfer skills for vulnerability assessments; and (3) develop needed security policies, practices, and procedures. [A report of that 2021 engagement is available here.](https://openondemand.org/trustedci)

0 comments on commit 25d3d02

Please sign in to comment.