A security policy (SECURITY.md) is a simple document that explains how the project wishes to receive and handle responsible disclosure of potential vulnerabilities. GitHub recommends that projects have one.
There are two main ways to receive such disclosures:
register an email or website available to receive such reports; and/or
A security policy (SECURITY.md) is a simple document that explains how the project wishes to receive and handle responsible disclosure of potential vulnerabilities. GitHub recommends that projects have one.
There are two main ways to receive such disclosures:
If you want to use GitHub's reporting system, it must be activated for the repository:
I'll send a PR with a draft policy along with this issue.