Hi I'm from Google working with the OpenSSF to improve supply chain security of many relevant open source projects such as OpenGL-Registry.
Please consider creating a Security Policy to the project. A Security Policy is a GitHub standard document (SECURITY.md) that can be seen in the "Security Tab" to instruct users about how to report vulnerability in the safest and most efficient way possible.
Together with this issue I'll submit one suggestion of Security Policy, feel free to edit it directly or ask me for editions until it is in compliance with how OpenGL-Registry would best handle vulnerability reports.
Hi I'm from Google working with the OpenSSF to improve supply chain security of many relevant open source projects such as OpenGL-Registry.
Please consider creating a Security Policy to the project. A Security Policy is a GitHub standard document (
SECURITY.md) that can be seen in the "Security Tab" to instruct users about how to report vulnerability in the safest and most efficient way possible.It is a Scorecard Recommendation (being one check of medium priority) and a Github Recommendation.
Together with this issue I'll submit one suggestion of Security Policy, feel free to edit it directly or ask me for editions until it is in compliance with how OpenGL-Registry would best handle vulnerability reports.