First pass: tighten incident response template structure and build pipeline runbook #1
Open
frameworks-volunteer wants to merge 9 commits into develop from
…nce#375)
* content(add): Zoom hardening guide for opsec/endpoint (closes security-alliance#135)
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: move Zoom hardening to guides, fix web portal settings paths
  - Move zoom-hardening.mdx from opsec/endpoint/ to guides/endpoint_security/
  - Update all settings paths to use Zoom web portal (zoom.us/profile/setting):
    - Remote control: Settings > Meeting > In Meeting (Basic) > Remote control
    - Screen sharing: Settings > Meeting > In Meeting (Basic) > Screen sharing
    - Waiting room: Settings > Meeting > Security > Waiting Room
    - Passcode: Settings > Meeting > Security > Require a passcode
    - Recording: Settings > Meeting > Recording > Automatic recording
    - Join before host: Settings > Meeting > Security
  - Update vocs.config.ts sidebar (guides section)
  - Revert opsec/endpoint to single Overview link
  Addresses review feedback on PR security-alliance#375.
* content(zoom-hardening): split hardening checklist into Required and Optional sections
  Required: Trail of Bits ELUSIVE COMET mitigations (disable remote control, host-only screen sharing, deny accessibility permissions, browser-based Zoom, SSO/OAuth, PPPC profiles/tccutil, remove desktop client). Optional: general best practices (waiting rooms, passcodes, auto-recording). Quick Reference table also split into Required/Optional subsections.
  Addresses review feedback on PR security-alliance#375.
* docs(zoom-hardening): remove join-before-host + tighten language
* fix: rename endpoint_security to endpoint-security (no underscores in paths)
* fix: remove unrelated index file changes from PR
* chore: remove redundant quick reference section per review
* fix: revert auto-generated guides/index.mdx to develop state
  Reverts manual modification to auto-generated file per reviewer feedback. The endpoint-security entry will be added by the index generator.
* fix: use account-management (dashes) in guides/index.mdx to match upstream
  The auto-generated index.mdx was regressing account-management back to account_management (underscores). Upstream already standardized on dashes.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…delines (security-alliance#376)
* content(add): white hat frontrunning section in SEAL 911 war room guidelines (closes security-alliance#228)
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(whitehat-frontrunning): attribute to SEAL, verify claims against upstream README
  - Change contributors from dickson to SEAL to match other playbooks
  - Verify all white hat frontrunning claims against pcaversaccio/white-hat-frontrunning README
  - Remove hallucinated claim about automatic bundle retry monitoring
  - Remove unverified tweet reference for batch ownership transfer
  - Remove fabricated EIP-7702 step about victim signing delegation authorization
  - Add actual transaction links from README for Degen and Zyfai rescues
  - Add direct link to community-examples directory
  - Condense section from ~50 lines to ~25 lines while preserving all accurate information
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…ty-alliance#332) (security-alliance#377)
- New page: docs/pages/wallet-security/smart-contract-interaction-security.mdx
- Add QuillAudits contributor to contributors.json
- Add sidebar entry with dev: true
Rebased cleanly on develop. No unrelated contributor changes.
…ity-alliance#378)
* feat(certs): add Export All Certifications button to overview page
  Adds a single button on the certs overview page that generates one XLSX file containing all 6 SEAL certifications, each on its own worksheet.
  - New component: ExportAllCerts (fetches cert-data.json, generates XLSX)
  - New build script: generate-cert-data.js (extracts MDX frontmatter to JSON)
  - Build pipeline updated to generate cert-data.json before vocs build
  - Includes any user responses stored in localStorage from individual certs
  - Reuses existing ExcelJS formatting (SEAL purple headers, dropdown validation, frozen headers, auto-filters)
  Closes #TBD
* fix: remove generate-cert-data from dev script, keep build-time only
* Delete docs/public/cert-data.json
* Update .gitignore to exclude cert-data.json
  Add .direnv to .gitignore and avoid certs data.
---------
Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
…urity-alliance#398) -- verified (security-alliance#411)
* Move sandboxing/isolation guidance from AI Security to DevSecOps (issue security-alliance#398) (cherry picked from commit 6f4e19c)
* Rename sandboxing pages and remove AI-specific wording (issue security-alliance#398) (cherry picked from commit 6526afb)
* Remove moved stub pages after DevSecOps consolidation (issue security-alliance#398) (cherry picked from commit 0c0fe91)
* Expand DevSecOps sandboxing/isolation guidance with concrete controls and references (issue security-alliance#398) (cherry picked from commit f56ae55)
* docs(devsecops): add links to key DevSecOps pages (cherry picked from commit 0be5d0c)
* Reorganize DevSecOps isolation/sandboxing navigation (cherry picked from commit 6a4aecf)
* docs(devsecops): group isolation guides under dedicated section
* docs(devsecops): add key takeaway callouts to overview and isolation pages
* docs(ai-security): add brief DevSecOps isolation reference and remove canonical wording
* Delete docs/pages/config/index.mdx
* docs(devsecops): remove legacy isolation moved-page stubs
* docs(devsecops): tighten key takeaway bullet callouts
* docs(devsecops): convert key takeaways to paragraph style
* fix(devsecops): remove broken reference links
---------
Co-authored-by: Matías Aereal Aeón <388605+mattaereal@users.noreply.github.com>
…indexes + minor change to the index generator and sync tags (security-alliance#413)
* Integrate incident response template into incident management
* Remove attribution from imported incident response template pages
* Fix incident response template MDX build issues
* Reduce duplicated incident response content
* Polish imported incident response formatting
* Remove Obsidian wording from IR overview
* Clean up remaining template placeholder text
* Polish imported incident response metadata
* Restructure incident response examples under templates
* Move runbook template and remove incident attribution
* Credit Nick on incident response template pages
* Update contributors.json
* Assign Isaac to incident response runbooks
* Update docs/pages/incident-management/incident-response-template/runbooks/build-pipeline-compromise.mdx
  Co-authored-by: Sara Russo <sararusso984@gmail.com>
* Remove unnecessary footer separators
* Restore incident management attribution blocks
* Update docs/pages/incident-management/incident-response-template/roles-and-staffing.mdx
  Co-authored-by: Sara Russo <sararusso984@gmail.com>
* Update docs/pages/incident-management/incident-response-template/roles-and-staffing.mdx
  Co-authored-by: Sara Russo <sararusso984@gmail.com>
* Update docs/pages/incident-management/incident-response-template/roles-and-staffing.mdx
  Co-authored-by: Sara Russo <sararusso984@gmail.com>
* Update docs/pages/incident-management/incident-response-template/roles-and-staffing.mdx
  Co-authored-by: Sara Russo <sararusso984@gmail.com>
* Update docs/pages/incident-management/incident-response-template/runbooks/build-pipeline-compromise.mdx
  Co-authored-by: Sara Russo <sararusso984@gmail.com>
* Update docs/pages/incident-management/incident-response-template/runbooks/cdn-hosting-compromise.mdx
  Co-authored-by: Sara Russo <sararusso984@gmail.com>
* Update docs/pages/incident-management/incident-response-template/runbooks/ddos-attack.mdx
  Co-authored-by: Sara Russo <sararusso984@gmail.com>
* Remove in-content separators from incident response template
---------
Co-authored-by: Sara Russo <sararusso984@gmail.com>
Sidebar Configuration Reminder
This PR includes added, renamed, or removed documentation files:
Please ensure that:
See Contributing Guide – Sidebar & Navigation for more details. This is an automated reminder. If this PR doesn't need sidebar changes, you can ignore this message.
Summary
This PR is a first pass on the recently added Incident Response Template section.
The goal is not to expand the section broadly, but to make it clearer, tighter, and more operationally credible without adding filler or speculative content.
This pass focuses on three things:
build-pipeline-compromise) into something more responder-oriented
What changed
1) Clarified content taxonomy
Added concise framing so readers can understand what each layer is for:
- incident-management/overview.mdx
- incident-management/playbooks/overview.mdx
- incident-response-template/overview.mdx
- incident-response-template/templates/overview.mdx
- incident-response-template/runbooks/overview.mdx
2) Tightened a few absolute statements
- incident-response-template/incident-response-policy.mdx
- incident-response-template/roles-and-staffing.mdx
These changes are meant to make the guidance more realistic and less doctrinal.
3) Upgraded the build pipeline compromise runbook
incident-response-template/runbooks/build-pipeline-compromise.mdx was previously a thin stub. This PR upgrades it into a more credible example runbook by adding:
What this PR does not do
Intentionally out of scope for this first pass:
I would rather leave gaps visible than fill them with weak or speculative guidance.
Why this scope
The Incident Response Template addition is already valuable, but right now it mixes:
This first pass tries to make that structure easier to understand, while also strengthening one page that felt materially underdeveloped.
Follow-up ideas (not included here)
Possible future passes, if useful:
frontend-compromise and dependency-attack