Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Process for reporting possible security vulnerabilties #50

Open
kwwall-gri opened this issue Aug 31, 2021 · 0 comments
Open

Process for reporting possible security vulnerabilties #50

kwwall-gri opened this issue Aug 31, 2021 · 0 comments
Assignees
@jmanico
Labels
enhancement

Comments

@kwwall-gri
Copy link

I suggest creating a SECURITY.md file describing your security process for reporting any security vulnerabilities. I can be as simple as "Report the issue as an email to [email protected] with subject of 'Potential security vulnerability in X'" or however complicated as you want, but you probably do NOT want to have people by default report it publicly via GitHub Issues since generally anyone can read those for a public repository.

I'm not claiming either of these are perfect approach, but just throwing them out there as an idea if you wish to copy or get some ideas for creating your own:

or
@jmanico jmanico self-assigned this May 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmanico jmanico

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jmanico @kwwall-gri and others