docs: fix redirecting urls in markdown files #352
| The recommended mechanism for reporting possible security vulnerabilities follows | ||
| so-called "Coordinated Disclosure Plan" (see [definition of DCP](https://vuls.cert.org/confluence/display/Wiki/Coordinated+Vulnerability+Disclosure+Guidance) | ||
| so-called "Coordinated Disclosure Plan" (see [definition of DCP](https://certcc.github.io/confluence/display/Wiki/Coordinated+Vulnerability+Disclosure+Guidance/) |
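Review bot: The replacement link on the added line keeps the Confluence-style path (/confluence/display/Wiki/...) on the certcc.github.io host and now ends in a trailing slash, which reads like a redirect target copied as-is rather than a deliberately chosen destination. SECURITY.md is where reporters are sent to learn the disclosure process, so please confirm that this URL serves the guidance document itself and is a location the maintainers are willing to depend on. While the line is being touched, note that the link text "definition of DCP" does not match the term it annotates, "Coordinated Disclosure Plan" (which would abbreviate to CDP), and the URL path names the document "Coordinated Vulnerability Disclosure Guidance"; consider aligning the link text with one of those.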
As per Claude review:
SECURITY.md CERT link — trailing slash and shaky destination. The new URL is
https://certcc.github.io/confluence/display/Wiki/Coordinated+Vulnerability+Disclosure+Guidance/ — a Confluence-style path served from GitHub Pages, ending in /. It currently returns 200 because it's the redirect target of the old vuls.cert.org URL, but this looks like a mirror that may not be stable long-term.
The canonical CERT/CC guidance now lives at https://www.cert.org/vulnerability-analysis/vul-disclosure.cfm or under CMU SEI.
Worth double-checking with maintainers whether they'd prefer the SEI page; at minimum, the trailing slash on a Confluence-style URL is suspicious.
...
Consider replacing with the SEI CERT/CC page (e.g. https://www.cert.org/vulnerability-analysis/vul-disclosure.cfm or
https://insights.sei.cmu.edu/.../coordinated-vulnerability-disclosure-process/) instead — those are more likely to outlive a GitHub Pages mirror.
cowtowncoder left a comment
Looks good overall, just one concern wrt SECURITY.md link; when that is resolved, happy to merge!
fix: normalize and repair broken markdown URLs