Guide to coordinated vulnerability disclosure for open source software projects

This repository is a set of resources and reference materials to help open source projects perform coordinated vulnerability disclosure (CVD).

This repository contains:

Getting Started

If you are new to coordinated vulnerability disclosure, start with the Guide. It is dense, but you will want to be familiar with its information and concepts before you have to handle a vulnerability report.

If you are familiar with coordinated vulnerability disclosure, you can get a refresher by skipping to the Response Process section of the Guide, or go straight to the Runbook.

Feedback

We welcome feedback from OSS project maintainers and security researchers on this guide. Opening a GitHub Issue is the best way to send feedback (see CONTRIBUTING.md for directions on submitting PRs).

About

A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.
