Closed natalialuzuriaga closed 5 months ago
I might be wrong about this, so correct me if I am, but I think the idea for README.md is to include a reference each of our policies (LICENSE.md, CONTRIBUTING.MD, SECURITY.md) and then the policies live in separate files so that we don't have to put all the information into the README.md directly?
This also makes is easier for us to make atomic changes to many SECURITY.md policies across many repos, without needing to touch the README.md or other documentation, that might vary widely from project to project.
Lemme know if I've got it twisted tho :)
Discussed Remy's thoughts above and came to this conclusion: We decided to include SECURITY.md as part of our documentation for maturity models. Updating SECURITY.md to include content from entire Security policy section of the README.md. Will be replacing the README.md section with the vulnerability submission blurb and one-liner
Closing this PR as a result^
Delete SECURITY.md
Problem
As part of our outbound review process, we are cleaning up our repo and removing unnecessary files including SECURITY.md
Solution
This file is no longer needed since the README.md and CONTRIBUTING.md has a section that includes this Security and Responsible Disclosure Policy.