
Process for reporting possible security vulnerabilities #50

@kwwall-gri

I suggest creating a SECURITY.md file describing your security process for reporting any security vulnerabilities. It can be as simple as "Report the issue as an email to [email protected] with subject of 'Potential security vulnerability in X'" or as complicated as you want, but you probably do NOT want to have people by default report it publicly via GitHub Issues since generally anyone can read those for a public repository.

I'm not claiming either of these is a perfect approach, but just throwing them out there as an idea if you wish to copy or get some ideas for creating your own:

or
