CREATE AN ISSUE to report a security problem. please create a ticket from this template stating the issue. Security Issue
In case an incident is discovered or reported, I will follow the following process to contain, respond and remediate:
The first step is to find out the root cause, nature and scope of the incident.
- Is still ongoing? If yes, first the priority is to stop it.
- Is the incident outside of my influence? If yes, first the priority is to contain it.
- Find out knows about the incident and who is affected.
- Find out what data was potentially exposed.
One way to immediately remove all access for the WIP app is to remove the private key from the WIP App Settings page. The access can be recovered later by generating a new private key and re-deploy the app.
After the initial assessment and containment to my best abilities, I will document all actions taken in a response plan.
I will create a comment in the ticket logged to inform users about the incident and what I actions I took to contain it.
Once the incident is confirmed to be resolved, I will summarize the lessons learned from the incident and create a list of actions I will take to prevent it from happening again.
We learn about critical software updates and security threats from these sources
- GitHub Security Alerts
- GitHub: https://status.github.com/ & @githubstatus