@danroth27
Member

@github-actions github-actions bot added the needs-area-label Used by the dotnet-issue-labeler to label those issues which couldn't be triaged automatically label Nov 21, 2025
Copilot finished reviewing on behalf of danroth27 November 21, 2025 21:29
Contributor

Copilot AI left a comment

Pull request overview

This PR updates the security issue reporting instructions in SECURITY.md and README.md to align with the dotnet/runtime repository's approach. The changes modernize the reporting process by directing users to the MSRC Researcher Portal instead of email-based reporting, and remove outdated references to PGP keys.

Key changes:

  • Replaces email-based security reporting (secure@microsoft.com) with the MSRC Researcher Portal web form
  • Updates FAQ links from the old TechCenter to current MSRC FAQ pages
  • Adds cross-reference between README.md and SECURITY.md for better documentation navigation
  • Includes reference to the Microsoft .NET Bounty Program in README.md

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| SECURITY.md | Updates vulnerability reporting method from email to MSRC Researcher Portal, modernizes FAQ link, removes PGP key reference |
| README.md | Updates security reporting instructions to match SECURITY.md, adds cross-reference to SECURITY.md, adds bounty program link |

danroth27 and others added 2 commits November 21, 2025 13:35
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Development

Successfully merging this pull request may close these issues.

Security policy should probably not be listing an e-mail address
