From b39e2c4bdfb76c65e0b68109e94e5259a7a1362a Mon Sep 17 00:00:00 2001 From: Ed Costello Date: Thu, 18 Oct 2012 17:45:41 -0400 Subject: [PATCH] minor copy edits --- draft/administration/security.txt | 4 ++-- .../vulnerability-notification.txt | 22 ++++++++++--------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/draft/administration/security.txt b/draft/administration/security.txt index fd1f5e98a15..07c10204e62 100644 --- a/draft/administration/security.txt +++ b/draft/administration/security.txt @@ -6,7 +6,7 @@ Authentication and Security As with all software running in a networked environment, administrators of MongoDB must consider security risks and risk -exposures for the MongoDB deployment. There are no cure-alls for risk +exposures for a MongoDB deployment. There are no cure-alls for risk mitigation, and maintaining a secure MongoDB deployment is an ongoing process. This document takes a *Defense in Depth* approach to securing MongoDB deployments, and addresses a number of different methods for @@ -41,7 +41,7 @@ strategies to control access: You may further reduce risk by: -- requiring authentication for access to MongoDB accesses. +- requiring authentication for access to MongoDB instances. - requiring strong, complex, single purpose authentication credentials. diff --git a/draft/administration/vulnerability-notification.txt b/draft/administration/vulnerability-notification.txt index 3dea08234dd..b0a127b58c4 100644 --- a/draft/administration/vulnerability-notification.txt +++ b/draft/administration/vulnerability-notification.txt @@ -2,7 +2,9 @@ Vulnerability Notification ========================== -10gen values the privacy and security of all users of MongoDB, and we +.. default-domain:: mongodb + +`10gen `_ values the privacy and security of all users of MongoDB, and we work very hard to ensure that MongoDB and related tools minimize risk exposure and increase the security and integrity of data and environments using MongoDB. 
@@ -10,13 +12,13 @@ environments using MongoDB. Notification ------------ -If you believe you've discovered a vulnerability in MongoDB or a -related product, have experienced a security incident related to +If you believe you have discovered a vulnerability in MongoDB or a +related product or have experienced a security incident related to MongoDB, please report these issues so that 10gen can respond appropriately and work to prevent additional issues in the future. All vulnerability reports should contain as much information -as possible so that we can move easily to resolve the issue, in -particular, include the following: +as possible so that we can move easily to resolve the issue. +In particular, please include the following: - The name of the product. @@ -59,7 +61,7 @@ You may encrypt email using our `public key of a any sensitive information in your vulnerability report. 10gen will respond to any vulnerability notification received via -email via email which will contain a reference number (i.e. a ticket +email with email which will contain a reference number (i.e. a ticket from the SECURITY project,) Jira case posted to the `SECURITY `_ project. @@ -67,8 +69,8 @@ Evaluation ~~~~~~~~~~ 10gen will validate all submitted vulnerabilities. 10gen will use Jira -to track all communication regarding the vulnerability, which may -include requests for clarification and additional information. If +to track all communications regarding the vulnerability, which may +include requests for clarification and for additional information. If needed 10gen representatives can set up a conference call to exchange information regaining the vulnerability. 
@@ -76,9 +78,9 @@ Disclosure ~~~~~~~~~~ 10gen requests that you do *not* publicly disclose any information -regarding the vulnerability or exploit, until 10gen has had the +regarding the vulnerability or exploit until 10gen has had the opportunity to analyze the vulnerability, respond to the notification, -and if needed to notify key users, customers, and partners. +and to notify key users, customers, and partners if needed. The amount of time required to validate a reported vulnerability depends on the complexity and severity of the issue. 10gen takes all
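
Review bot: In draft/administration/security.txt, hunk @@ -41,7 +41,7 @@, the list item directly below the corrected one still reads "requiring strong, complex, single purpose authentication credentials." As a compound modifier this should be "single-purpose", and since the commit is already copy-editing this list, it is worth fixing in the same pass.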
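
Review bot: In draft/administration/vulnerability-notification.txt, hunk @@ -2,7 +2,9 @@, the added ".. default-domain:: mongodb" directive is a build-level change rather than a copy edit, yet the subject line only says "minor copy edits". Either mention it in the commit message or move it to its own commit so it can be found later. The new "`10gen `_ values the privacy and security of all users of MongoDB, and we" line also runs well past the wrap width of the surrounding paragraph and should be rewrapped.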
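
Review bot: In draft/administration/vulnerability-notification.txt, hunk @@ -59,7 +61,7 @@, the sentence is still ungrammatical after replacing "via email via email" with "with email": it continues "(i.e. a ticket from the SECURITY project,) Jira case posted to the SECURITY project", which repeats itself and misplaces the comma inside the parenthesis. Reporters rely on this sentence to know what acknowledgement to expect, so I would rewrite it whole, for example "10gen will respond to any vulnerability notification received via email with an email that contains a reference number for a Jira case posted to the SECURITY project."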
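
Review bot: In draft/administration/vulnerability-notification.txt, hunk @@ -67,8 +69,8 @@ (Evaluation), the trailing context line "information regaining the vulnerability." has a typo that this copy-edit pass leaves in place; it should read "regarding". The sentence it belongs to also needs a comma after the introductory phrase: "If needed, 10gen representatives can set up a conference call".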
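
Review bot: In draft/administration/vulnerability-notification.txt, hunk @@ -76,9 +78,9 @@ (Disclosure), the new last item "and to notify key users, customers, and partners if needed." breaks the parallel structure of the list, which now reads "to analyze the vulnerability, respond to the notification, and to notify". Drop the second "to" ("and notify key users, customers, and partners if needed") or repeat it on every item, so the conditions under which 10gen asks reporters to hold disclosure read unambiguously.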