openmrs/security-docs

OpenMRS Security Documentation

This repository is the canonical, version-controlled home for the OpenMRS community's security policies, processes, and guidance. Documents here are maintained through pull requests and reviewed by the OpenMRS Security Group.

Reporting a vulnerability? Do not open an issue here. Email security@openmrs.org or use GitHub private vulnerability reporting on the affected repository. See our vulnerability management policy for what to expect.

Why this repository exists

OpenMRS security documentation has historically lived across the wiki, Talk, and individual repositories. This repository consolidates policy-level documents in one reviewable, versioned place — following the pattern of projects like Kubernetes and the Eclipse Foundation security handbook. Where wiki pages and this repository conflict, this repository is authoritative for policy; the wiki remains the home for tutorials and implementation guidance.

Contents

| Document | Status |
| --- | --- |
| Security documentation recommendations — review of peer-project practices and the roadmap for this repository | Published |
| Vulnerability reporting policy (SECURITY.md template for all OpenMRS repos) | Planned |
| Supported versions & security backport policy | Planned |
| Vulnerability scope statement (what is / is not a security issue; AI-generated report policy) | Planned |
| Security response runbook (committer-facing) | Planned |
| Security Group charter | Planned |
| Severity rubric | Planned |
| Advisory authoring guide | Planned |
| Pre-notification list governance | Planned |
| Shared-responsibility statement (HIPAA / GDPR / data-protection posture) | Planned |

Contributing

Improvements are welcome via pull request. Substantive policy changes require review by the Security Group. Discussion happens on OpenMRS Talk — please do not raise undisclosed vulnerabilities in public threads.

Related resources
