
Adding a Security Policy #517

Open
fraxken opened this issue Apr 9, 2023 · 1 comment

Comments


fraxken commented Apr 9, 2023

Hello 👋

I have noticed that some security issues have been reported using public issues like:

To improve this next time you could add a SECURITY.md file at the root (what we call a Security Policy). It will provide information to security researchers and developers such as:

  • how to contact the maintainers (or the team in charge of security)
  • disclosure timeline

See Guide to implementing a coordinated vulnerability disclosure process for open source projects for better description.

In my projects I use the newest GitHub feature to report private vulnerabilities. Example of my file here.

To enable it just go to Settings and enable Private vulnerability reporting.

I wrote an article that explains how to secure a project or organization on GitHub in the hope of helping fellow maintainers: https://dev.to/nodesecure/securize-your-github-org-4lb7

If you need any help, do not hesitate.

Best regards,
Thomas
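A small lint for the two items the comment above says a SECURITY.md should carry (a way to contact the maintainers and a disclosure timeline). This is an added example, not code from the issue or from the project; the sample policy text and the regular expressions are constructed for illustration.

```python
"""Check that a SECURITY.md states a contact method and a disclosure timeline."""
import re

# Constructed sample policy used as input; not taken from any real project.
SAMPLE_POLICY = """# Security Policy

## Reporting a Vulnerability

Please report vulnerabilities privately through GitHub's
"Report a vulnerability" form, or email security@example.org.

## Disclosure timeline

- Acknowledgement within 3 business days
- Fix or mitigation within 90 days
"""

# Ways a policy commonly tells a researcher how to reach the maintainers.
CONTACT_PATTERNS = [
    r"[\w.+-]+@[\w-]+\.[\w.-]+",   # an email address
    r"report a vulnerability",     # GitHub private vulnerability reporting form
    r"/security/advisories",       # link to the repository's advisories page
]
# A concrete time span such as "3 business days" or "90 days".
TIMELINE_PATTERN = r"\b\d+\s*(?:business\s+|working\s+)?(?:days?|weeks?|hours?)\b"


def check_security_policy(text: str) -> dict:
    """Return which of the expected items the policy text provides."""
    lowered = text.lower()
    has_contact = any(re.search(p, lowered) for p in CONTACT_PATTERNS)
    has_timeline = re.search(TIMELINE_PATTERN, lowered) is not None
    return {
        "contact": has_contact,
        "timeline": has_timeline,
        "ok": has_contact and has_timeline,
    }


def missing_items(text: str) -> list:
    """List the expected items that the policy text does not provide."""
    result = check_security_policy(text)
    return [item for item in ("contact", "timeline") if not result[item]]


if __name__ == "__main__":
    print(check_security_policy(SAMPLE_POLICY))
    print(missing_items("# Security Policy\n\nEmail us if you find something."))
```

Run it against a repository's own SECURITY.md with `check_security_policy(open("SECURITY.md").read())` to see which item is missing before a researcher has to ask.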

@tommymarshall

This would be a welcome addition. Enterprise applications run security checks, and this particular vulnerability is a blocker for using many other packages.
