From ebb9499aa98aeaab58e36389eedd871bac57c726 Mon Sep 17 00:00:00 2001 From: Naomi Carrigan Date: Wed, 17 Dec 2025 20:11:11 -0800 Subject: [PATCH] feat: new security report page --- src/content/docs/about/contact.md | 1 + src/content/docs/legal/security.md | 18 +++++++----------- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/src/content/docs/about/contact.md b/src/content/docs/about/contact.md index 9545241..880a1f7 100644 --- a/src/content/docs/about/contact.md +++ b/src/content/docs/about/contact.md @@ -286,6 +286,7 @@ This form helps ensure we collect all necessary information to investigate and a ::: - **Security Vulnerability Report Form** (Preferred): https://forms.nhcarrigan.com/o/docs/forms/wgdbBkS4tjCGoVZTqtmMNx/4 +- **Public Security Reports:** View aggregated and sanitized security vulnerability reports for all our products at: https://security.nhcarrigan.com/report/ - Email: security@nhcarrigan.com (for general security questions or if you prefer email) - Use for: - Reporting security vulnerabilities diff --git a/src/content/docs/legal/security.md b/src/content/docs/legal/security.md index f878d72..2323bc7 100644 --- a/src/content/docs/legal/security.md +++ b/src/content/docs/legal/security.md @@ -174,7 +174,7 @@ Our standard coordinated disclosure timeline follows this process: **(c)** **Remediation Period:** Development and deployment of fixes (30-90 days depending on complexity); -**(d)** **Public Disclosure:** Joint announcement of vulnerability and resolution (after fix deployment and reasonable notice period). +**(d)** **Public Disclosure:** Joint announcement of vulnerability and resolution (after fix deployment and reasonable notice period). Aggregated and sanitized vulnerability reports are published at: https://security.nhcarrigan.com/report/ ### 4.3. Public Acknowledgement 
@@ -388,21 +388,17 @@ We utilise a comprehensive suite of security tools integrated into our developme ### 8.4. Public Security Reporting -:::tip[Heads Up!]{icon=pen} -The policy or policies in this section are still a work in progress. We have not yet implemented the necessary infrastructure to comply with this section. - -We are working very hard to get them in place as soon as possible. If you would like to help, consider [applying to join our team!](https://forms.nhcarrigan.com/o/docs/forms/mCxDu3snk9TzFiDjrT4Vc8/4) -::: - We maintain transparency about our security posture through publicly accessible security reports and dashboards: -**(a)** **Quality Dashboard:** Real-time security and quality metrics available; +**(a)** **Security Vulnerability Reports:** Aggregated and sanitized security vulnerability reports for all our products are published at: https://security.nhcarrigan.com/report/ -**(b)** **Security Reports:** Comprehensive security scan results published; +**(b)** **Quality Dashboard:** Real-time security and quality metrics available; -**(c)** **Regular Updates:** Weekly scanning cycles ensure up-to-date security information; +**(c)** **Security Reports:** Comprehensive security scan results published; -**(d)** **Trend Analysis:** Historical data tracking to identify and address security trends over time. +**(d)** **Regular Updates:** Weekly scanning cycles ensure up-to-date security information; + +**(e)** **Trend Analysis:** Historical data tracking to identify and address security trends over time. ### 8.5. Security Development Lifecycle
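Review bot: the new contact.md bullet points readers to a place to view reports rather than to a way of reaching the security team, so placed between the report form and the email address it reads like a third reporting channel; consider moving it below the `Use for:` sub-list or into its own sentence after the list. Its label formatting also differs from its siblings (`**Public Security Reports:**` bolds the colon, while `**Security Vulnerability Report Form** (Preferred):` keeps the colon outside the bold), so align one with the other.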
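Review bot: in step (d) of the disclosure timeline the added sentence does not say when a vulnerability's aggregated entry is published relative to the fix deployment and notice period defined earlier in the same sentence, so as written a sanitized entry could appear before the fix is out and the reporter notified, which is the window coordinated disclosure exists to protect. Suggest tying it to the step explicitly, for example `... and reasonable notice period). Once that period has elapsed, an aggregated and sanitized entry is published at: https://security.nhcarrigan.com/report/`.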
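Review bot: deleting the `:::tip[Heads Up!]` work-in-progress notice lifts it from the whole of section 8.4, but only the new item (a) gained a concrete location; (b) Quality Dashboard and (c) Security Reports still say "available" and "published" with no link, so the deletion asserts those are live without anything in this change showing it. Either add their URLs or keep the notice scoped to the items not yet in place. Two smaller points: (a) `Security Vulnerability Reports` and (c) `Security Reports` are easy to confuse, so consider renaming (c) to something like `Security Scan Results`; and `sanitized` in (a) uses American spelling while the hunk's context line reads `We utilise`, so pick one convention for the document.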