Open daveschaefer opened 11 years ago
We should post a security policy on the site. Partially inspired by http://blog.erratasec.com/2013/08/the-rob-test-12-steps-to-safer-code.html
Dan says: "any possible security issue issue needs to be treated with high priority + clear notification".
Part 1: response plan Part 2: advisory page that shows past critical security bugs and what we did about them.
Draft and post to the mailing list for feedback.
We should post a security policy on the site. Partially inspired by http://blog.erratasec.com/2013/08/the-rob-test-12-steps-to-safer-code.html
Dan says: "any possible security issue issue needs to be treated with high priority + clear notification".
Part 1: response plan Part 2: advisory page that shows past critical security bugs and what we did about them.
Draft and post to the mailing list for feedback.