You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Adding a Security Policy is important to provide guidance on how users can report potential vulnerabilities and also raise awareness of when vulnerabilities will be confirmed, fixed and disclosed.
I recently recommended #261 and, like that change, this one also related to security and recommended by Github and Scorecard.
If you agree, I can open a PR to suggest a Security Policy. We can then work together to communicate how the repo can best handle vulnerability reports.
Additional Context
Hi again! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)
The text was updated successfully, but these errors were encountered:
Adding a Security Policy is important to provide guidance on how users can report potential vulnerabilities and also raise awareness of when vulnerabilities will be confirmed, fixed and disclosed.
I recently recommended #261 and, like that change, this one also related to security and recommended by Github and Scorecard.
If you agree, I can open a PR to suggest a Security Policy. We can then work together to communicate how the repo can best handle vulnerability reports.
Additional Context
Hi again! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)
The text was updated successfully, but these errors were encountered: