Skip to content

Latest commit

 

History

History
16 lines (12 loc) · 771 Bytes

SECURITY.md

File metadata and controls

16 lines (12 loc) · 771 Bytes

Reporting Security Issues

Please report security issues confidentially using GitHub's form.

Note: Please do not report such issues publicly on the issue tracker. The *issue tracker is intended for bug reports and feature requests.

Responding to Reports

A SBOMit maintainer will respond to the report as soon as possible. After the report is triaged and the vulnerability is confirmed, a fix will be prepared under embargo. Once the fix is accepted, a new release will be prepared along with a report detailing the vulnerability. This report will identify the reporter unless they request to be kept anonymous. Finally, a CVE may be requested if appropriate for the vulnerability report.