-
Previously https://github.com/sfosc/sfosc/issues/85#issuecomment-505336323 I raised the idea of a single purpose website to explains security policies in an easy to link to format as a starting point.…
-
Hey there, I tried sending a security issue to "[sinatra-security@googlegroups.com](https://groups.google.com/group/sinatra-security)." but haven't heard anything back, is there any alternative ways t…
-
-
I propose implementing RFC 9116 and providing a security.txt. We would add one file per Opencast install. We could have a look at how Moodle does it. They point to a central security.txt on their serv…
-
And then perhaps add a page to exercism with responsible disclosure instructions + GPG key to sign or something like that, so we don't receive security issues in this repo :)
-
**Describe the bug**
https://certcc.github.io/CERT-Guide-to-CVD/tutorials/terms/cvd/ has a bogus target=blank tag in the responsible disclosure call-out box
-
Hey there team,
I have emailed a security advisory to tenderlove[at]ruby-lang[dot]org but haven't heard anything yet it's been 8 days. Hence, based on the security policy creating an issue here so…
-
Hey there, I reported a security issue through GH "GHSA-fprq-3m4c-vf28" but unable to get any feedback so far. Do any one know a better way to reach out to dev?
Thanks,
-
Hi,
I found an issue with the Divi contactform that exposes e-mailaddresses. Where should I contact you to disclose this?
Sincere,
Wouter Groenewold
-
*Description*:
Projects like Envoy proxy have a robust processe for vulnerability management, outlined [here](https://github.com/envoyproxy/envoy/blob/main/SECURITY.md). OSS control planes like Istio…