PrimalHQ/primal-web-app currently does not have a SECURITY.md file for reporting security vulnerabilities.
It would be great if you could create a SECURITY.md following GitHub's guidelines:
https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository
This provides instructions for creating a security policy and process for handling vulnerability reports. Having a clear policy helps ensure vulnerabilities are handled properly.
Some key things the SECURITY.md should include:
- Your preferred method(s) for receiving reports (email, HackerOne, etc.)
- Your expected timeline for responding and fixing issues
- A PGP key if you want reports to be encrypted

Adding a SECURITY.md makes it easier for security researchers to responsibly disclose issues they find and helps keep your project secure. Looking forward to having this in place.