From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by mx.groups.io with SMTP id smtpd.web11.54892.1679963174996699125 for ; Mon, 27 Mar 2023 17:26:15 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=YP1SW182; spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: miki.demeter@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1679963174; x=1711499174; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=LVh19km7MCRY+8zulxfICqKP4yDWxLoAAneUBBKUego=; b=YP1SW182BbV/KIo/IpRCmt4K++EwD1lNv3MmUlHYxW7VzJB04CLiVZsS u2nuwEnKzAdoTDGAZBLZ6xtUUmy5gMwu6O4dGWDODargMIvJqIRhtHdf7 VIvgngl25vhOr5jNC4oH8+g+WKKAHGxEQIIdAhdTPThXjzBlbuGM+eDyf a3vR5c05szZIi6d7if6Cif8s/wJ9Xe00D0OpDIImNz5Y2lNjsiv+nmY0U OEgUGCekuVbDBcxcuJ7gcLMks/QlOIGDQxpeWfdua3NXKPR2kgF+sGHz5 oXL9GnDiA4msSoSV7sBw5hovh3LD7HaVFdVXC0Tcj4lBRGSkDp6MKe9eJ g==; X-IronPort-AV: E=McAfee;i="6600,9927,10662"; a="339152434" X-IronPort-AV: E=Sophos;i="5.98,295,1673942400"; d="scan'208,217";a="339152434" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Mar 2023 17:26:07 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10662"; a="772928516" X-IronPort-AV: E=Sophos;i="5.98,295,1673942400"; d="scan'208,217";a="772928516" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by FMSMGA003.fm.intel.com with ESMTP; 27 Mar 2023 17:26:06 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21; Mon, 27 Mar 2023 17:26:06 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21; Mon, 27 Mar 2023 17:26:05 -0700 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21 via Frontend Transport; Mon, 27 Mar 2023 17:26:05 -0700 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.108) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.21; Mon, 27 Mar 2023 17:26:05 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RJ5JNp81sskQQaNj4kRhKqEfEkZJK4WIno8D28Ch7GsslyXBvTYJ9yKJ1vbpQStbs54rAHg0tE2sGcteenGgi6fBkor8i+3Nm2uNx4s3QQBkNqyEWKGpifDx7qh2cNIrQX2YLyp7b4qT66nAI34HmJT9lzfUfTJt3aDDmQNG6r5slZOoX5vx5tgaqKz4Sk1lNbY/FS4KXYDaDJXBxeMnCbXZ/rlCIb9PCcm6zil/8jTbb79sLwBJr3o4I4W4UyPZ/j9hIqgh61ob+m3rWCf9fF1RJV3wb6SUwmD1/MvlV+eElGED8du9zjjPAjDdxJ5RQNvsHTUOHuHod/oekVyf9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eY+qPpGhhfFDJSJ3KMUpDx6+wYr1tZz84y5mDw5TlGw=; b=ZbUnBveF6Fr77mYWhjNzz9wCbglOJk5zN0eVjs0Ay51sNH0vVj93oj8VI7XfNzadKElrl08cZoEq9wjEjEAkV1G00dvaYrsPXK2caLGhrAis2qDdyce3xx5tdk+a/h3knNUgqCyL8NeGuoAvRt6SNiinCU3L1zPmm37X/4nsjAk1k0IVxtgqsE8V//cL/74MiNhA8fDWbO4VCBjK5At5s5S7L1cEPYWCcmaZNDZRjECH/7l53s4jGtJPt+MCTbYz/AQD8a69G/T4luNgoSZlM+d0fufc9PylUIcUHWnTCKTZDHwqIj+qI4W2vMYzH6fJwp0oJvqgHEajp65glSJHGQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from DS0PR11MB6445.namprd11.prod.outlook.com (2603:10b6:8:c6::11) by MN2PR11MB4758.namprd11.prod.outlook.com (2603:10b6:208:260::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6222.32; Tue, 28 Mar 2023 00:26:04 +0000 Received: from DS0PR11MB6445.namprd11.prod.outlook.com ([fe80::df74:96eb:3b1d:457]) by DS0PR11MB6445.namprd11.prod.outlook.com ([fe80::df74:96eb:3b1d:457%9]) with mapi id 15.20.6156.028; Tue, 28 Mar 2023 00:26:03 +0000 From: "Demeter, Miki" To: Kun Qin , "devel@edk2.groups.io" CC: Andrew Fish , Leif Lindholm , "Kinney, Michael D" , Sean Brogan Subject: Re: [PATCH v1 0/1] Define security policy in SECURITY.md file for repository Thread-Topic: [PATCH v1 0/1] Define security policy in SECURITY.md file for repository Thread-Index: AQHZUr+FxbtO5kKZ80i97Zi14o9gq68PciCa Date: Tue, 28 Mar 2023 00:26:03 +0000 Message-ID: References: <20230309194351.1024-1-kuqin12@gmail.com> In-Reply-To: <20230309194351.1024-1-kuqin12@gmail.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: DS0PR11MB6445:EE_|MN2PR11MB4758:EE_ x-ms-office365-filtering-correlation-id: 350cccba-6cb0-4973-5db9-08db2f2303a6 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: YR3MIFpeLHEuN80oaCxKgiDR6ms03UFDG73ipQBgcuqkVzGRoUM99bikT30QQLEeWykHwVwzwjW5nkh7XepaPFQMWWWl/8YlYMDkhvXab2R/a80WxFLIv/l6UtNUuaqNS7RLSpTvi3wjIArGgNYUW3OVpCCJo6viEdaRT0DjI1CwZbGzqwh5zXIxfLql/Oulllrnv6/cBxc6pIV5+AJ2A9YvgUu/nRFrrc2dTgkSoOSwAaIYKtTX2co+pnmSXJPcmwE/O+pImTXbiGH1ww8m/IHLdsgK701NLtZrrhBYRRyI9gjYhAw1oWZNNos+KmajABd1kJ60e/HRl9w5o8IAHXM4C4aAMsLifc6utvYTEzl6kfn6a+mWlT09UOojhoRcMBho8yiQgyxaio6DW/87pssqDvT+SpbrdV7n7obb0SxSxAyb9a7PVUYtScFpSjNZZKsQZOB8GdbuAacyQqxEmG1e7tRxF/7agN+iJSQa8gGzrhJ6LCOfHifOtL2mj7eZTokSwx0eGt7p72+At7c+NmX2zvugBvCRyfHiAbfjcU6oObo56IJrT9KlBN3McyGoxqOmtSo4nbYnJWvPJ/rLWZNK/w2ls8NlPABDegZJ2AfkNvafNKkKAdOnmDEIfCsOLD9VJQT8AxcfYWfjJAAMJQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS0PR11MB6445.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(136003)(39860400002)(346002)(396003)(366004)(376002)(451199021)(38070700005)(86362001)(55016003)(33656002)(40140700001)(15650500001)(166002)(2906002)(478600001)(45080400002)(83380400001)(7696005)(71200400001)(966005)(38100700002)(53546011)(54906003)(9686003)(110136005)(91956017)(4326008)(66946007)(76116006)(6506007)(55236004)(8676002)(66446008)(66556008)(66476007)(64756008)(122000001)(316002)(8936002)(52536014)(26005)(186003)(82960400001)(5660300002)(41300700001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?HRQWxn9LWvFpKLkOeBNIx+D9PKnoJv4OTZSrswlLE1ja36Lb0RDXFiuREyKu?= =?us-ascii?Q?+zmBlWfTwSpiBVM4o2zT3yxL3UpE4cFn/H6xgEN0NdFejWdI88Thr02F0DhB?= =?us-ascii?Q?fnD4NZwx5ec1djplyHgXsrwA4hrxkh67ErG3fLyzKx02+wFQvovm+GcC28OO?= =?us-ascii?Q?XSwn1PiRSW6oMYxf1/8q/duRl5jroNPLpBT6MyzJoxxked15dy016QNI61J4?= =?us-ascii?Q?8ZMZeXBn4GHrycFz5itmWLZ9bHjGPO1cOn0AypNeE7rNvc8m7NYO7Wjy3zLK?= =?us-ascii?Q?g4REkaIiRtKe/kMJQcWTJpzQMQpCh9voILUySl8004qmcs73HTb8DDde/9fg?= =?us-ascii?Q?CGd9o+AJ0W+OmJwrDSYVceL8Gy+6E/vyoqJkjS1rk40fMX1m+ChUqHJdGN/A?= =?us-ascii?Q?r5rxD5QxfUwdnCA9TXobzYGzKf7MJS1EC25DoRdyzgywZWjpRO8UQpHjEnXI?= =?us-ascii?Q?/kfC7F1nF1jNyIydOgozsbu1cw5l7kj/wqnuqd4771xhoB55snAC2HeU8JgQ?= =?us-ascii?Q?NBjiQC9rs4g7Fb34A0fXYVEh3+/VIcmmRelnYf3by7iNw2/W6e7Uya2yIQvV?= =?us-ascii?Q?G5nU/qBREscEE1LsRh8y+HnKz5NFD1CxHp0j8cFfCfZB87/VU4hLCW06i9N/?= =?us-ascii?Q?0od4VTfBq0KslFGwO5NfNz6RjAsDMPbTBfUa6r1QklV/4pS0jTMrniXLqThE?= =?us-ascii?Q?H/9APTV/BX+N+wyW3hodTomwHBcgCuRdnZRA9OitbIW7ptPgZEcAr/zb8tXM?= =?us-ascii?Q?XyTXEmauD64aYJmUhUfkC7s7q1GWx+DSgeXAHbzYygNUD4Ff2ElrHLjEkLEf?= =?us-ascii?Q?+aboSSuY2gFD+br3v11R9En+EQMyAzvVrXPTcIIFemzjdxtLuKM0rWscBuAB?= =?us-ascii?Q?vrSqBBjI6BIzPktjw1+qZW2P9srwdH8vt7bsHo+QXyyh5+7SPHOp4l+DL8Z+?= =?us-ascii?Q?stYTsMp09LXPLEMw/6dDu5ZxAKxr4kNV6DqvGonkdnuQdIO7Oxr1r1bQ1P9X?= =?us-ascii?Q?qGIhj6nEvgEcPfOoRyicu8qfjcUhxFCnQZEx4ZnKO/n5JdicSMakzcjh4lIy?= =?us-ascii?Q?+Y6fHr8xNnUzgHi1zHIx7YBnL/OMJj9kPhHiCfEozdZ7vwuT+yG9O7GWK6aj?= =?us-ascii?Q?8l5hW+F2AjPJg+otgtUgg4p4WIMufulhTItKtdm7tcEV4/x5yD7hFYTqHrio?= =?us-ascii?Q?8Z4Yg5uovszlaRD00xeyfe1MGbaU+GGnOc5OZQbt0FJ47RMkrI23HnYXRY7V?= =?us-ascii?Q?51sW694M1+cVtNBQCjHi65sbEAWgPHa/u9QixKVUkqUJXB64uHRnwgqtT/dc?= =?us-ascii?Q?Y7p3RaIQoZ9wNhqBuqIarhHnCQBpPvuhjWNLg9sQBgvgQHy5FfNo2UgE9tbS?= =?us-ascii?Q?2ogRnZty4/zq5UhgrHpPcWlqTa/c9XGExNMZXf+og3Q7tqkcftElmD0Ohe7b?= =?us-ascii?Q?lBXPYp66Q5QCF/n6OtRlpHSCqvAgN/nLCQHrec+M2/FYp/0UnsT5gWxUfdDc?= =?us-ascii?Q?+FVLcHB5w7OR8duY80RZLF9KOYhjmbIVCewItQ+mMuJFyLw67WzanGgRz3PG?= =?us-ascii?Q?NIFv9EM6AnmgGMHZ70lkNuT/rMWo4KMw3YkgeRq+TYPpfmvREAOQe+fgymPJ?= =?us-ascii?Q?5g=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DS0PR11MB6445.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 350cccba-6cb0-4973-5db9-08db2f2303a6 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Mar 2023 00:26:03.4183 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: GOSfKNiLSmopHUwlwTqqkUgaLoO39XYZ3MNrseOU42pjPIxJfbz5ItGgp0C8Me+xl8TdeLt23zes5s7ID5jL9w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4758 Return-Path: miki.demeter@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_DS0PR11MB64454C6AB3049AE175C4CBB38D889DS0PR11MB6445namp_" --_000_DS0PR11MB64454C6AB3049AE175C4CBB38D889DS0PR11MB6445namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Ack Need to get this acked by others in infosec too -- Miki Demeter (she/her/Miki) Security Researcher / FW Developer FST Intel Corporation Co-Chair, Network of Intel African-Ancestry(NIA) - Oregon NIA-Oregon Portland Women in Tech Best Speaker miki.demeter@intel.com 503.712.8030 (office) 971.248.0123 (cell) From: Kun Qin Date: Thursday, March 9, 2023 at 1:44 PM To: devel@edk2.groups.io Cc: Andrew Fish , Leif Lindholm , Kinney, Michael D , Demeter, Miki , Sean Brogan Subject: [PATCH v1 0/1] Define security policy in SECURITY.md file for repo= sitory This change added a markdown file as a policy guideline for Tianocore EDK2 community to handle security sensitive reports. Patch v1 branch: https://github.com/kuqin12/edk2/tree/patch-1 Cc: Andrew Fish Cc: Leif Lindholm Cc: Michael D Kinney Cc: Miki Demeter Cc: Sean Brogan Sean Brogan (1): Define security policy in SECURITY.md file for repository SECURITY.md | 33 ++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 SECURITY.md -- 2.37.1.windows.1 --_000_DS0PR11MB64454C6AB3049AE175C4CBB38D889DS0PR11MB6445namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Ack

 

Need to get this acked by others in infosec too=

 

 

-- 

Miki Demeter (she/her/Miki)

Security Researcher / FW Developer

FST

Intel Corporation

 

Co-Chair, Network of I= ntel African-Ancestry(NIA) - Oregon<= o:p>

NIA-Oregon<= /a>

 

Portland Women in Tech Best Speaker

miki.demeter@intel.com

503.712.8030 (office)

971.248.0123 (cell)

 

 

From: Kun Qin <kuqin12@gmail.com>
Date: Thursday, March 9, 2023 at 1:44 PM
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Andrew Fish <afish@apple.com>, Leif Lindholm <quic_llin= dhol@quicinc.com>, Kinney, Michael D <michael.d.kinney@intel.com>,= Demeter, Miki <miki.demeter@intel.com>, Sean Brogan <sean.brogan@= microsoft.com>
Subject: [PATCH v1 0/1] Define security policy in SECURITY.md file f= or repository

This change added a markdown file as a policy guideline for Tianocore EDK2<= br> community to handle security sensitive reports.

Patch v1 branch: h= ttps://github.com/kuqin12/edk2/tree/patch-1

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Miki Demeter <miki.demeter@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>

Sean Brogan (1):
  Define security policy in SECURITY.md file for repository

 SECURITY.md | 33 ++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 SECURITY.md

--
2.37.1.windows.1

--_000_DS0PR11MB64454C6AB3049AE175C4CBB38D889DS0PR11MB6445namp_--