Closed: gabibguti closed this 11 months ago
Adding a Security Policy is important to provide guidance on how users can report potential vulnerabilities and also raise awareness of when vulnerabilities will be confirmed, fixed and disclosed.
Following up on @joycebrum's security recommendation at https://github.com/easymock/objenesis/issues/177, this one is also related to security and recommended by GitHub and Scorecard.
If you agree, I can open a PR to suggest a Security Policy. We can then work together to communicate how the repo can best handle vulnerability reports if you think it's applicable.
Additional Context
Hi! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)
Sure. The answer to that is probably for people to send me an email.
Got it. Is your email henri@tremblay.pro, as mentioned in https://blog.tremblay.pro/about.html?
GitHub also has its own tool for reporting vulnerabilities if you'd like to take a look: https://github.blog/changelog/2022-11-09-privately-report-vulnerabilities-to-repository-maintainers/
Ok. I have enabled GitHub and added a SECURITY.md. Please tell me if something else is needed.
All good.