You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi! Would you consider accepting a suggestion of a security policy?
GitHub recommends that projects have a Security Policy (SECURITY.md). This is a simple document that explains how the project wishes to receive and handle responsible disclosure of potential vulnerabilities.
There are a few ways to receive such disclosures:
have an email or website available to receive such reports; and/or
Click "Enable" for "Private vulnerability reporting (Beta)"
Let me know if such PR would be welcome which disclosure method would you perfer. I personally recommend the github vulnerability report feature to make the process simpler.
Thanks!
Disclosure: I am working with Google and the Linux Foundation's Open Source Security Foundation (OpenSSF) to improve the supply-chain security of important open source projects.
The text was updated successfully, but these errors were encountered:
Hi! Would you consider accepting a suggestion of a security policy?
GitHub recommends that projects have a Security Policy (SECURITY.md). This is a simple document that explains how the project wishes to receive and handle responsible disclosure of potential vulnerabilities.
There are a few ways to receive such disclosures:
If you're interested in GitHub's feature, it must be activated for the repository:
Let me know if such PR would be welcome which disclosure method would you perfer. I personally recommend the github vulnerability report feature to make the process simpler.
Thanks!
Disclosure: I am working with Google and the Linux Foundation's Open Source Security Foundation (OpenSSF) to improve the supply-chain security of important open source projects.
The text was updated successfully, but these errors were encountered: