diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index dffb397..2396b26 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -124,11 +124,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). diff --git a/README.md b/README.md index e0f66c6..341d255 100644 --- a/README.md +++ b/README.md 
@@ -75,11 +75,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). diff --git a/SECURITY.md b/SECURITY.md index 0230f3c..c33d9ea 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,11 +2,7 @@ The Centers for Medicare & Medicaid Services is committed to ensuring the security of the American public by protecting their information from unwarranted disclosure. We want security researchers to feel comfortable reporting vulnerabilities they have discovered so we can fix them and keep our users safe. We developed our disclosure policy to reflect our values and uphold our sense of responsibility to security researchers who share their expertise with us in good faith. -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. Review the HHS Disclosure Policy and websites in scope: [https://www.hhs.gov/vulnerability-disclosure-policy/index.html](https://www.hhs.gov/vulnerability-disclosure-policy/index.html). @@ -14,6 +10,3 @@ Review the HHS Disclosure Policy and websites in scope: This policy describes *what systems and types of research* are covered under this policy, *how to send* us vulnerability reports, and *how long* we ask security researchers to wait before publicly disclosing vulnerabilities. - -If you have other cybersecurity related questions, please contact us at -[csirc@hhs.gov](mailto:csirc@hhs.gov). \ No newline at end of file diff --git a/tier0/{{cookiecutter.project_slug}}/CONTRIBUTING.md b/tier0/{{cookiecutter.project_slug}}/CONTRIBUTING.md index c4f549d..f2487a8 100644 --- a/tier0/{{cookiecutter.project_slug}}/CONTRIBUTING.md 
+++ b/tier0/{{cookiecutter.project_slug}}/CONTRIBUTING.md @@ -101,11 +101,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). --> diff --git a/tier0/{{cookiecutter.project_slug}}/README.md b/tier0/{{cookiecutter.project_slug}}/README.md index e5cc94f..c10caac 100644 --- a/tier0/{{cookiecutter.project_slug}}/README.md +++ b/tier0/{{cookiecutter.project_slug}}/README.md 
@@ -125,11 +125,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). diff --git a/tier1/{{cookiecutter.project_slug}}/CONTRIBUTING.md b/tier1/{{cookiecutter.project_slug}}/CONTRIBUTING.md index db3138b..e5bb6ca 100644 --- a/tier1/{{cookiecutter.project_slug}}/CONTRIBUTING.md +++ b/tier1/{{cookiecutter.project_slug}}/CONTRIBUTING.md 
@@ -102,11 +102,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). diff --git a/tier1/{{cookiecutter.project_slug}}/README.md b/tier1/{{cookiecutter.project_slug}}/README.md index 4ab3dc8..eb81111 100644 --- a/tier1/{{cookiecutter.project_slug}}/README.md +++ b/tier1/{{cookiecutter.project_slug}}/README.md 
@@ -117,11 +117,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). diff --git a/tier1/{{cookiecutter.project_slug}}/SECURITY.md b/tier1/{{cookiecutter.project_slug}}/SECURITY.md index 22768df..07342ef 100644 --- a/tier1/{{cookiecutter.project_slug}}/SECURITY.md +++ b/tier1/{{cookiecutter.project_slug}}/SECURITY.md @@ -9,7 +9,4 @@ Review the HHS Disclosure Policy and websites in scope: This policy describes *what systems and types of research* are covered under this policy, *how to send* us vulnerability reports, and *how long* we ask security -researchers to wait before publicly disclosing vulnerabilities. - -If you have other cybersecurity related questions, please contact us at -[csirc@hhs.gov](mailto:csirc@hhs.gov). \ No newline at end of file +researchers to wait before publicly disclosing vulnerabilities. \ No newline at end of file diff --git a/tier2/{{cookiecutter.project_slug}}/CONTRIBUTING.md b/tier2/{{cookiecutter.project_slug}}/CONTRIBUTING.md index 07463f4..947d4f6 100644 --- a/tier2/{{cookiecutter.project_slug}}/CONTRIBUTING.md +++ b/tier2/{{cookiecutter.project_slug}}/CONTRIBUTING.md 
@@ -179,11 +179,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). diff --git a/tier2/{{cookiecutter.project_slug}}/README.md b/tier2/{{cookiecutter.project_slug}}/README.md index 07e39bd..36547b6 100644 --- a/tier2/{{cookiecutter.project_slug}}/README.md +++ b/tier2/{{cookiecutter.project_slug}}/README.md 
@@ -113,11 +113,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). diff --git a/tier2/{{cookiecutter.project_slug}}/SECURITY.md b/tier2/{{cookiecutter.project_slug}}/SECURITY.md index 22768df..07342ef 100644 --- a/tier2/{{cookiecutter.project_slug}}/SECURITY.md +++ b/tier2/{{cookiecutter.project_slug}}/SECURITY.md @@ -9,7 +9,4 @@ Review the HHS Disclosure Policy and websites in scope: This policy describes *what systems and types of research* are covered under this policy, *how to send* us vulnerability reports, and *how long* we ask security -researchers to wait before publicly disclosing vulnerabilities. - -If you have other cybersecurity related questions, please contact us at -[csirc@hhs.gov](mailto:csirc@hhs.gov). \ No newline at end of file +researchers to wait before publicly disclosing vulnerabilities. \ No newline at end of file diff --git a/tier3/{{cookiecutter.project_slug}}/CONTRIBUTING.md b/tier3/{{cookiecutter.project_slug}}/CONTRIBUTING.md index 49ce9b5..4a5c79f 100644 --- a/tier3/{{cookiecutter.project_slug}}/CONTRIBUTING.md +++ b/tier3/{{cookiecutter.project_slug}}/CONTRIBUTING.md 
@@ -174,11 +174,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). diff --git a/tier3/{{cookiecutter.project_slug}}/README.md b/tier3/{{cookiecutter.project_slug}}/README.md index 619b9c5..704b652 100644 --- a/tier3/{{cookiecutter.project_slug}}/README.md +++ b/tier3/{{cookiecutter.project_slug}}/README.md 
@@ -113,11 +113,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). diff --git a/tier3/{{cookiecutter.project_slug}}/SECURITY.md b/tier3/{{cookiecutter.project_slug}}/SECURITY.md index 22768df..07342ef 100644 --- a/tier3/{{cookiecutter.project_slug}}/SECURITY.md +++ b/tier3/{{cookiecutter.project_slug}}/SECURITY.md @@ -9,7 +9,4 @@ Review the HHS Disclosure Policy and websites in scope: This policy describes *what systems and types of research* are covered under this policy, *how to send* us vulnerability reports, and *how long* we ask security -researchers to wait before publicly disclosing vulnerabilities. - -If you have other cybersecurity related questions, please contact us at -[csirc@hhs.gov](mailto:csirc@hhs.gov). \ No newline at end of file +researchers to wait before publicly disclosing vulnerabilities. \ No newline at end of file diff --git a/tier4/{{cookiecutter.project_slug}}/CONTRIBUTING.md b/tier4/{{cookiecutter.project_slug}}/CONTRIBUTING.md index a18a4ef..6d4fd0d 100644 --- a/tier4/{{cookiecutter.project_slug}}/CONTRIBUTING.md +++ b/tier4/{{cookiecutter.project_slug}}/CONTRIBUTING.md 
@@ -174,11 +174,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). diff --git a/tier4/{{cookiecutter.project_slug}}/README.md b/tier4/{{cookiecutter.project_slug}}/README.md index 4747b9b..ad5d099 100644 --- a/tier4/{{cookiecutter.project_slug}}/README.md +++ b/tier4/{{cookiecutter.project_slug}}/README.md 
@@ -103,11 +103,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). diff --git a/tier4/{{cookiecutter.project_slug}}/SECURITY.md b/tier4/{{cookiecutter.project_slug}}/SECURITY.md index 22768df..07342ef 100644 --- a/tier4/{{cookiecutter.project_slug}}/SECURITY.md +++ b/tier4/{{cookiecutter.project_slug}}/SECURITY.md @@ -9,7 +9,4 @@ Review the HHS Disclosure Policy and websites in scope: This policy describes *what systems and types of research* are covered under this policy, *how to send* us vulnerability reports, and *how long* we ask security -researchers to wait before publicly disclosing vulnerabilities. - -If you have other cybersecurity related questions, please contact us at -[csirc@hhs.gov](mailto:csirc@hhs.gov). \ No newline at end of file +researchers to wait before publicly disclosing vulnerabilities. \ No newline at end of file
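
Review bot: The replacement `*Submit a vulnerability:*` line in the README.md and CONTRIBUTING.md hunks drops the removed statement that reports cannot be accepted "via email or via GitHub Issues", while the hunk context directly above it still invites readers to "shoot us an email" at opensource@cms.hhs.gov. Consider keeping one sentence telling reporters not to send vulnerability details by email or in public GitHub Issues, so the Bugcrowd link reads as the reporting channel rather than one of several. Because each of these copies already ends with "see [SECURITY.md](SECURITY.md)", the README and CONTRIBUTING text could be reduced to that pointer, which avoids touching every template the next time the channel changes.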
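
Review bot: The `@@ -14,6 +10,3 @@` hunk in the root SECURITY.md removes the csirc@hhs.gov line without a replacement, which leaves no stated contact for security questions that are not vulnerability reports. If that mailbox is being retired, say so in the commit message; otherwise add a line naming where such questions should go now that the only listed channel is the Bugcrowd submission form.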
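
Review bot: In the tier0/{{cookiecutter.project_slug}}/CONTRIBUTING.md hunk the trailing context line is `-->`, so the updated paragraph appears to sit inside an HTML comment and would not render in projects generated from this template. Confirm that is intended. If the section is meant to stay commented out, tier0 contributors see the Bugcrowd link only in README.md, and the diff shows no SECURITY.md change under tier0 even though both tier0 files link to it, so check that the link target exists there.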
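
Review bot: The tier1 to tier4 SECURITY.md diffs contain only the `@@ -9,7 +9,4 @@` hunk that removes the csirc@hhs.gov contact, whereas the root SECURITY.md also has its `*Submit a vulnerability:*` paragraph switched to Bugcrowd. The tier README.md and CONTRIBUTING.md files now send readers to SECURITY.md for details, so check whether the template SECURITY.md files still point at hhs.responsibledisclosure.com and update them in this change if they do. The rewritten last line in these hunks is also followed by `\ No newline at end of file`; end each file with a newline.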