BUG: missing security policy

SELinuxProject / selinux

This is the upstream repository for the Security Enhanced Linux (SELinux) userland libraries and tools. The software provided by this project complements the SELinux features integrated into the Linux kernel and is used by Linux distributions. All bugs and patches should be submitted to selinux@vger.kernel.org

Other

1.35k stars 360 forks source link

BUG: missing security policy #337

Closed pcmoore closed 2 years ago

pcmoore commented 2 years ago

There should be a well defined policy for handling serious bugs and security vulnerabilities in the code so that security researchers and others know how to report sensitive issues to the project. For reference here is the GH documentation on security policies:

https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository

... as well as a simple example of the security policy we use for libseccomp:

https://github.com/seccomp/libseccomp/security/policy

pcmoore commented 2 years ago

Resolved with 2b6b5bd32eff8318ca3df8d7a522a35005c41cce.