Create a Security Policy
joycebrum opened this issue · 1 comments
Hi again, I'd like to suggest another security issue:
GitHub recommends that projects have a Security Policy (SECURITY.md). This is a simple document that explains how the project wishes to receive and handle responsible disclosure of potential vulnerabilities.
There are a few ways to receive such disclosures:
- have an email or website available to receive such reports; and/or
- use GitHub's private vulnerability reporting feature.
It can also be configured to the entire organization instead of one file per repo. Let me know if this would interesting to KhronosGroup.
I'll send a PR with a draft policy along with this issue.
Thanks!
Thanks for prompting this.
KhronosGroup repositories have individual governance, so let's keep these on a repo-by-repo basis.
The SPIR Working Group at Khronos manages the contents, incoming issues, and policies for this repo. I'll make sure this gets proper review.