Open homiecoder opened 1 year ago
Looks great! Go ahead and add this as a PR!
I'm curious what classes of security issues we expect to see reports of on our projects here, as it's largely a static site and supporting tooling to build it.
The text here refers to a bunch of GitHub-owned programs, which don't apply here (i.e. no one should be contacting GitHub's security team or bug bounty program in regards to a project that happens to be hosted on GitHub, only those actually owned and maintained by GitHub).
There could be an issue if some dependency is compromised. I also know that having a security.md is a signal towards good community standards.
I'm not objecting to the existence of a security.md file, but I think we need to make sure this is tailored and relevant to our projects. IMHO this is a document that should be created as a result of defining security policies, not something boilerplate.
I can work with @homiecoder to make sure that we have a tailored file
The repo should contain a security.md file to meet community standards.
I would like to work on this issue!
I have included an example security.md file below: