418sec / huntr

Public Roadmap | huntr.dev
https://huntr.dev

One-click Security.MD PR #2109

Closed am0o0 closed 1 year ago

am0o0 commented 3 years ago

If there is an option for hackers to automatically send a "Create a security.md file" request to each repository that they want to work on, this is going to be very good in my opinion... Because after a repository creates a policy, hackers can better and better find vulnerabilities according to maintainer desires (policies). Of course, the "Create a security.md file" content should be altered according to this proposal.

am0o0 commented 3 years ago

The content of the "Create a security.md file" issue should indicate to maintainers to create a good policy, including what security config should be set when bug hunters create a self-hosted instance of their application, and also indicate what kinds of vulnerabilities can't be accepted.

JamieSlome commented 2 years ago

@amammad - thanks for the idea here!

We are unlikely to implement this in the short term, as we recently released improvements to the maintainer outreach process. That said, we may circle around again once we re-focus attention on existing issues that may be occurring with the outreach mechanisms.

psmoros commented 1 year ago

tracked in #2129