Closed FredFousPro closed 1 year ago
Todo: what would be a good process?
Suggestion: Use an e-mail address to report it; an LF Energy mailing list might be an option here (if it can be closed off enough)
@AliouDIAITE can you update it in the SSF best practices environment? If done, we can close this one.
Done
Great news @AliouDIAITE, we do have control over the best practices badge ;)
In order to fully validate the silver level of OpenSSF Best Practices Badges for our project, we have to document the process for responding to vulnerability reports.
Here is the requirement to meet: The project MUST have a documented process for responding to vulnerability reports. (URL required) [vulnerability_response_process] This is strongly related to vulnerability_report_process, which requires that there be a documented way to report vulnerabilities. It is also related to vulnerability_report_response, which requires response to vulnerability reports within a certain time frame.
Here is the questionnaire: https://bestpractices.coreinfrastructure.org/en/projects/5925?criteria_level=1