refactor(docs): better security linking and references for docs (#9621)

* Update SECURITY.md with link * restructure headers and add hall of fame * add cpe/cve policy * add CoC and Security Policy links in readme * update contributing link * add link to Threat Model * update dead links
2025-06-15 11:35:41 +00:00 · 2025-05-04 23:20:09 +02:00
parent 3bb43734a1
commit 887bc3c235
3 changed files with 31 additions and 9 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,7 +1,9 @@
 # Security Policy

 The InvenTree team take all security vulnerabilities seriously. Thank you for improving the security of our open source software.
+
 We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
+The general project security policies and processes are documented in [our documentation](https://docs.inventree.org/en/stable/security/).

 ## Reporting a Vulnerability

@ -11,7 +13,13 @@ Please report security vulnerabilities by emailing the InvenTree team at:
 security@inventree.org
 ```

-Someone from the InvenTree development team will acknowledge your email as soon as possible, and indicate the next steps in handling your security report.
+Someone from the InvenTree development team will acknowledge your email as soon as possible (normally within a week), and indicate the next steps in handling your security report.


 The team will endeavour to keep you informed of the progress towards a fix for the issue, and subsequent release to the stable and development code branches. Where possible, the issue will be resolved within 90 days of reporting.
+
+### Public Disclosure
+
+Using GitHub's security advisory system, we will publish a public disclosure of the issue once it has been acknowledged, reproduced and resolved.
+We support assigning CVEs to security issues where appropriate.
+The project can be identified by the CPE code ``cpe:2.3:a:inventree_project:inventree:``.