[security] Set security policy
Closed this issue · 1 comments
gabibguti commented
Adding a Security Policy is important to provide guidance on how users can report potential vulnerabilities and also raise awareness of when vulnerabilities will be confirmed, fixed and disclosed.
I recently recommended #261 and, like that change, this one is also related to security and recommended by GitHub and Scorecard.
If you agree, I can open a PR to suggest a Security Policy. We can then work together to communicate how the repo can best handle vulnerability reports.
Additional Context
Hi again! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)
tkem commented
@gabibguti: PR would be welcome!