Add a Security Policy #3151
Labels: Component - Misc; Priority - 1. High 🔼; Type - Improvement; Type - New Feature
Hey! I'm here again (see #2973) hoping to offer a bit more help with security enhancements.
This time I'm here to suggest that you expose a way that users can report eventual vulnerabilities in a safe and efficient way. This is usually described in a Security Policy, which is a GitHub standard document (SECURITY.md) added to the root of the repo that will be visible to the users in the "Security Tab".
It is a recommendation from GitHub itself, and from Scorecard (being a security measure of medium priority).
Aiming to make this change easier, I'll take the liberty of submitting one suggestion of a Security Policy as a PR. Please feel free to edit it directly or ask me for edits until it is in compliance with how HDFGroup/hdf5 would best handle vulnerability reports.