Add a security policy
pnacht opened this issue · 1 comments
pnacht commented
A security policy (SECURITY.md) is a simple document that explains how the project wishes to receive and handle responsible disclosure of potential vulnerabilities. GitHub recommends that projects have one.
There are two main ways to receive such disclosures:
- register an email or website available to receive such reports; and/or
- use GitHub's private vulnerability reporting feature (in beta)
If you want to use GitHub's reporting system, it must be activated for the repository:
- Open the repo's settings
- Click on Code security & analysis
- Click "Enable" for "Private vulnerability reporting (Beta)"
I'll send a PR with a draft policy along with this issue.
pnacht commented
Hey, let me know if this is something you'd would be interested in. Otherwise, feel free to close!