Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a Security Policy #309

Open
postmodern opened this issue Jun 4, 2021 · 1 comment
Open

Add a Security Policy #309

postmodern opened this issue Jun 4, 2021 · 1 comment
Assignees
@postmodern
Labels
documentation

Comments

@postmodern
Copy link
Member

postmodern commented Jun 4, 2021
edited

Add a SECURITY.md file explaining how to report vulnerabilities in bundler-audit.

  • Which email address should they be sent to? (rubysec's mailing list or my email addres?)
  • Which PGP key, if any, should be used to encrypt emails? (I can volunteer my PGP pubkey)

/cc @reedloden
@postmodern postmodern self-assigned this Jun 5, 2021
@reedloden
Copy link
Member

I'm a bit biased here due to it being my employer (and the fact that I manage this particular offering), but HackerOne offers a completely free version for open source projects. Might I suggest that as an alternative to email and PGP? Ruby, Rails, and RubyGems all use it already, just as examples.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@postmodern postmodern

Labels
documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@postmodern @reedloden