Update security information in docs. (gravitational#21054)

* Update security information in docs. Update README.md with some updated security and trust information. Additonally, update SECURITY.md to deprecate our email-based submission process with our current process via HackerOne. This change also removes the now-unused PGP public key document. * Update README.md Co-authored-by: Reed Loden <[email protected]> * Update Teleport download link to current page. --------- Co-authored-by: Reed Loden <[email protected]>
Somith11 · Feb 1, 2023 · 42a7be6 · 42a7be6
1 parent 3eff86f
commit 42a7be6
Show file tree

Hide file tree

Showing 9 changed files with 22 additions and 74 deletions.
diff --git a/README.md b/README.md
@@ -89,7 +89,7 @@ implementation. It is _fully compatible with OpenSSH_,
 
 | Follow the [Installation](https://goteleport.com/docs/installation/) Guide
 
-Download the [latest binary release](https://goteleport.com/teleport/download),
+Download the [latest binary release](https://goteleport.com/download),
 unpack the .tar.gz and run `sudo ./install`. This will copy Teleport binaries into
 `/usr/local/bin`.
 
@@ -331,19 +331,22 @@ We offer a few different options for support. First of all, we try to provide cl
 * If you want to contribute to Teleport or file a bug report/issue, you can create an issue here in Github.
 * If you are interested in Teleport Enterprise or more responsive support during a POC, we can also create a dedicated Slack channel for you during your POC. You can [reach out to us through our website](https://goteleport.com/pricing/) to arrange for a POC.
 
-## Is Teleport Secure and Production Ready?
+## Is Teleport Secure and Production-Ready?
 
-Teleport is used by leading companies to enable engineers to quickly access any
-computing resource anywhere. Teleport has completed several security audits from the nationally recognized technology security companies. We make some of our audits public, view our latest [audit reports](https://goteleport.com/resources/audits/).
-We are comfortable with the use of Teleport from a security perspective.
+Yes -- Teleport is production-ready and designed to protect and facilitate
+access to the most precious and mission critical applications.
+
+Teleport has completed several security audits from nationally and
+internationally recognized technology security companies. 
+
+We publicize some of our audit results, security philosophy and related
+information on our [trust page](https://trust.goteleport.com/).
 
 You can see the list of companies who use Teleport in production on the Teleport
 [product page](https://goteleport.com/case-study/).
 
-You can find the latest stable Teleport build on our [Releases](https://goteleport.com/teleport/download) page.
-
 ## Who Built Teleport?
 
-Teleport was created by [Gravitational Inc](https://goteleport.com). We have
+Teleport was created by [Gravitational, Inc.](https://goteleport.com). We have
 built Teleport by borrowing from our previous experiences at Rackspace. [Learn more
 about Teleport and our history](https://goteleport.com/about/).
diff --git a/SECURITY.md b/SECURITY.md
@@ -3,13 +3,10 @@
 ## Supported Versions
 
 The list of supported versions can be found
-[here](https://goteleport.com/teleport/download/).
+[here](https://goteleport.com/download/).
 
 ## Reporting a Vulnerability
 
-To make a security vulnerability report, email
-[[email protected]](mailto:[email protected]) with the full
-details, including steps to reproduce the issue.
-
-You can use the [PGP key](gravitational.asc) in this repo to encrypt the
-contents.
+To report a security vulnerability to us, visit our [HackerOne
+page](https://hackerone.com/teleport) and submit a report to us with full
+details, including steps to reproduce the issue.
diff --git a/docs/pages/application-access/getting-started.mdx b/docs/pages/application-access/getting-started.mdx
@@ -55,7 +55,7 @@ $ docker run -d -p 3000:3000 grafana/grafana
 
 On your Application Service host, download the latest version of Teleport for
 your platform from our
-[downloads page](https://goteleport.com/teleport/download).
+[downloads page](https://goteleport.com/download).
 
 ### Generate a token
 

diff --git a/docs/pages/application-access/guides/connecting-apps.mdx b/docs/pages/application-access/guides/connecting-apps.mdx
@@ -3,7 +3,7 @@ title: Web Application Access
 description: How to configure Teleport for Application Access.
 ---
 
-Download the latest version of Teleport for your platform from our [downloads page](https://goteleport.com/teleport/download)
+Download the latest version of Teleport for your platform from our [downloads page](https://goteleport.com/download)
 and follow the installation [instructions](../../installation.mdx).
 
 ## Start Auth/Proxy service

diff --git a/docs/pages/includes/database-access/start-auth-proxy.mdx b/docs/pages/includes/database-access/start-auth-proxy.mdx
@@ -3,7 +3,7 @@
 
 On the host where you will run the Auth Service and Proxy Service, download the
 latest version of Teleport for your platform from our
-[downloads page](https://goteleport.com/teleport/download) and follow the
+[downloads page](https://goteleport.com/download) and follow the
 installation [instructions](/docs/installation).
 
 Teleport requires a valid TLS certificate to operate and can fetch one

diff --git a/docs/pages/installation.mdx b/docs/pages/installation.mdx
@@ -137,7 +137,7 @@ chart.
 
   The Teleport package in Homebrew is not maintained by Teleport and we can't
   guarantee its reliability or security. We recommend the use of our [official
-  Teleport packages](https://goteleport.com/teleport/download?os=mac).
+  Teleport packages](https://goteleport.com/download?os=mac).
 
   </Notice>
 

diff --git a/docs/pages/management/operations/tls-routing.mdx b/docs/pages/management/operations/tls-routing.mdx
@@ -56,7 +56,7 @@ balancers that do TLS termination. Use plain TCP passthrough load balancers
 
 ## Step 1/7. Upgrade to Teleport `8.0`
 
-Download Teleport `8.0` or later from the [downloads page](https://goteleport.com/teleport/download)
+Download Teleport `8.0` or later from the [downloads page](https://goteleport.com/download)
 or your enterprise portal and follow the standard [upgrade procedure](./upgrading.mdx).
 Make sure to upgrade both root and leaf clusters as well as `tsh` client.
 

diff --git a/docs/pages/try-out-teleport/linux-server.mdx b/docs/pages/try-out-teleport/linux-server.mdx
@@ -226,7 +226,7 @@ Install `tsh` on your local machine:
 
 <Tabs>
   <TabItem label="Mac">
-    [Download the MacOS .pkg installer](https://goteleport.com/teleport/download?os=mac) (`tsh` client only, signed) and double-click to run it.
+    [Download the MacOS .pkg installer](https://goteleport.com/download?os=mac) (`tsh` client only, signed) and double-click to run it.
   </TabItem>
 
   <TabItem label="Mac - Homebrew">
@@ -236,7 +236,7 @@ Install `tsh` on your local machine:
 
     <Admonition type="note">
       The Teleport package in Homebrew is not maintained by Teleport and we can't
-      guarantee its reliability or security. We recommend the use of our [own Teleport packages](https://goteleport.com/teleport/download?os=mac).
+      guarantee its reliability or security. We recommend the use of our [own Teleport packages](https://goteleport.com/download?os=mac).
 
       If you choose to use Homebrew, you must verify that the versions of `tsh` and
       `tctl` are compatible with the versions you run server-side. Homebrew usually

diff --git a/gravitational.asc b/gravitational.asc