Add SECURITY.md with vulnerability reporting and disclosure policy #274
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This introduces a SECURITY.md file to the project, outlining the OWASP dep-scan security policy. The file covers the following key points: - Supported versions and commitment to providing security updates - Instructions for reporting vulnerabilities to the project maintainer - Overview of the vulnerability management process - Statement on the current absence of a bug bounty program - Secure development practices followed by the project - Placeholder for acknowledging responsible vulnerability disclosures The main contact for reporting vulnerabilities is listed as prabhu@appthreat.com. This policy demonstrates the project's commitment to maintaining a secure codebase and handling vulnerability reports responsibly. It provides guidance to security researchers and users on how to engage with the project for security-related concerns. Please feel free to modify it in any way that you believe is suitable. Signed-off-by: Sooraj Sathyanarayanan <32236127+iAnonymous3000@users.noreply.github.com>
|
@iAnonymous3000 Thank you for this contribution! I think the content needs some changes. Will do it later. At the moment, we treat security issues as any other issues. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This introduces a SECURITY.md file to the project, outlining the OWASP dep-scan security policy. The file covers the following key points:
The main contact for reporting vulnerabilities is listed as prabhu@appthreat.com.
This policy demonstrates the project's commitment to maintaining a secure codebase and handling vulnerability reports responsibly. It provides guidance to security researchers and users on how to engage with the project for security-related concerns.
Please feel free to modify it in any way that you believe is suitable.