Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SECURITY.md #1179

Merged
merged 4 commits into from
Feb 7, 2024
Merged

Add SECURITY.md #1179

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d999950
Add SECURITY.md
bmhowe23 Feb 6, 2024
037d211
Formatting and spelling allow list
bmhowe23 Feb 6, 2024
f14d069
Exclude email addresses from spell check
bmhowe23 Feb 6, 2024
3cf38d1
Merge branch 'main' into pr-add-security.md
bmhowe23 Feb 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .github/workflows/config/spellcheck_config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,9 @@ matrix:
- open: '([A-Za-z_\\\/]+\.)+'
close: '($|(?=[^a-z]))'
content: '\S+?'
# Ignore email addresses
- open: '\b[A-Za-z0-9._%+-]+@'
close: '[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'

- name: rst
sources:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/config/spelling_allowlist.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ OpenQASM
OpenSSL
OpenSUSE
POSIX
PSIRT
Pauli
Paulis
PyPI
Expand Down Expand Up @@ -88,6 +89,7 @@ VQE
Vazirani
WSL
accessor
acknowledgement
adjoint
al
ansatz
Expand Down
34 changes: 34 additions & 0 deletions SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
# Security

NVIDIA is dedicated to the security and trust of our software products and
services, including all source code repositories managed through our
organization.

If you need to report a security issue, please use the appropriate contact points
outlined below. **Please do not report security vulnerabilities through GitHub.**

## Reporting Potential Security Vulnerability in an NVIDIA Product

To report a potential security vulnerability in any NVIDIA product:

- Web: [Security Vulnerability Submission Form](https://www.nvidia.com/object/submit-security-vulnerability.html)
- E-Mail: <[email protected]>
- We encourage you to use the following PGP key for secure email communication:
[NVIDIA public PGP Key for communication](https://www.nvidia.com/en-us/security/pgp-key)
- Please include the following information:
- Product/Driver name and version/branch that contains the vulnerability
- Type of vulnerability (code execution, denial of service, buffer overflow, etc.)
- Instructions to reproduce the vulnerability
- Proof-of-concept or exploit code
- Potential impact of the vulnerability, including how an attacker could
exploit the vulnerability

While NVIDIA currently does not have a bug bounty program, we do offer
acknowledgement when an externally reported security issue is addressed under
our coordinated vulnerability disclosure policy. Please visit our
[Product Security Incident Response Team (PSIRT)](https://www.nvidia.com/en-us/security/psirt-policies/)
policies page for more information.

## NVIDIA Product Security

For all security-related concerns, please visit [NVIDIA's Product Security portal](https://www.nvidia.com/en-us/security).
Loading