Skip to content

Cleanup security policies#332

Merged
gyro2009 merged 3 commits into
mainfrom
cleanup-security-policies
Jun 11, 2026
Merged

Cleanup security policies#332
gyro2009 merged 3 commits into
mainfrom
cleanup-security-policies

Conversation

@gyro2009

Copy link
Copy Markdown
Contributor

This pull request primarily updates documentation related to security processes and policies, with a focus on modernizing risk assessment practices and clarifying the responsibilities of security roles. The changes remove references to CVSS scoring in favor of a new risk assessment approach, update terminology, and improve clarity in several policy and guidance documents. Additionally, there are minor dependency and formatting updates.

Security Process and Risk Assessment Updates:

  • Replaced the CVSS-based risk assessment with a new approach using Inherent, Residual, and Target risk measures in ManagingSecurityConcerns.md. This includes updated definitions, process steps, and examples, and removes the detailed CVSS scoring section and its reference document. The process now emphasizes tagging risks appropriately and clarifies escalation procedures. [1] [2] [3] [4]
  • Updated the Security Champion responsibilities to focus on understanding and using security training and testing tools, rather than requiring expertise in pen testing or formal security qualifications. [1] [2]

Policy and Guidance Formatting Improvements:

  • Removed the CVSS Scoring Guidance link from the main security policy index, reflecting the move away from CVSS as the standard.
  • Improved table formatting for environment timeouts in the pipelines baseline policy and for step-by-step guidance in open coding documentation for better readability. [1] [2]

Dependency Update:

  • Updated the markdownlint-cli development dependency in package.json from version 0.45.0 to 0.48.0.

@snyk-io-eu

snyk-io-eu Bot commented Jun 10, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Comment thread security/ManagingSecurityConcerns/ManagingSecurityConcerns.md Outdated
Comment thread security/ManagingSecurityConcerns/ManagingSecurityConcerns.md
Comment thread security/ManagingSecurityConcerns/ManagingSecurityConcerns.md Outdated
Comment thread security/ManagingSecurityConcerns/ManagingSecurityConcerns.md Outdated
Comment thread security/SecurityChampions/SecurityChampionResponsibilities.md Outdated
Comment thread security/SecurityChampions/SecurityChampionResponsibilities.md

@LRileyUKHO LRileyUKHO left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks Great to lil old me!

@gyro2009 gyro2009 merged commit 8ffda23 into main Jun 11, 2026
3 checks passed
@gyro2009 gyro2009 deleted the cleanup-security-policies branch June 11, 2026 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants