Following the discussion opened by @bcebere and @bayegaspard on Slack, I think that it could be useful to set up an organization-wide security policy, mostly for vulnerability disclosure. Individual repos could still add their specific instructions and security models, but this organization-wide policy would provide a good default (e.g. with an email address to contact OpenMined's quality/security team).
Here are a few resources: