Create a security policy

Erb3 commented 1 month ago

Please create a security policy detailing contact information, as this helps security researchers privately report issues.

The most important step in the process is providing a way for security researchers to contact your organization. The easier it is for them to do so, the more likely it is that you'll receive security reports.

— OWASP Cheatsheet Series on Vulnerability Disclosure

Locations this could be located include but are not limited to:

SECURITY.md at the root of the GitHub repository. This has the added benefit of showing up on the "Security" GitHub tab.
/.well-known/security.txt on the website. See securitytxt.org.
Page on the frontend, linked to in the footer or similar.

The most common methods of communication for open-source software are E-Mail and GitHub private vulnerability reporting.

linear[bot] commented 1 month ago

ENG-537 Create a security policy

Rish-it commented 1 month ago

Assign it to me

steven-tey commented 1 week ago

@Erb3 thank you so much for this recommendation, will go ahead and add those files now 🙏

dubinc / dub

Create a security policy #1254