-
@yegor256, similar to what one finds companies doing on https://www.hackerone.com/, I suggest we define a bug bounty program for both the Zold and the web wallets projects.
Here's more detail of what…
-
I'd like to use this issue to talk about what elements we'd like to see in a security policy that could be easily used by open source projects and maintainers that describes their security practices.
…
-
We should decide on and document our security and release policies.
Since any vulnerability will require critical updates for CMSes that depend on the package (Drupal, TYPO3, etc.), I suggest we f…
-
In terms of a PR temp, maybe something like this would be good:
```
### New Pull Request Checklist
- [ ] This is not a vulnerability disclosure. If it is, [report here](https://github.com/par…
```
-
Document Title:
===============
Tiny MySQL - Cross Site Scripting Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2252
Releas…
-
Document Title:
===============
ImportExportTools NG 10.0.4 - HTML Injection Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2308
…
-
### Problem
I am new to Rust and working through [the Rust Book](https://doc.rust-lang.org/book/).
`cargo login`'s default syntax encourages users to pass their secret registry authentication toke…
-
The Drupal project is considering adding this library as one of our dependencies in order to support the [tabbable](https://github.com/focus-trap/tabbable) library in IE11. Before adding _any_ depend…
-
So, I'm going through the exercise of writing down a security policy for [a soon-to-be-released project of mine](https://github.com/HadrienG2/hwlocality), and it's the first time I do this sort of thi…
-
As a subgroup of OpenSSF, we must think about security first and foremost. I am recommending creating a standard for all of SLSA repositories, builds, and scanning. I know we won't get here overnigh…