Hey, it's Pedro and I'm back (see https://github.com/emscripten-core/emscripten/issues/19037), this time suggesting that emsdk also adopt a security policy.
A security policy (SECURITY.md) is a simple document that explains how the project wishes to receive and handle responsible disclosure of potential vulnerabilities. GitHub recommends that projects have one.
There are a few other ways to receive such disclosures (emails, websites, GitHub's vuln reporting feature), but I believe the solution used for emscripten itself (linking to the Chromium security bug tracker) would also be entirely reasonable for emsdk.
I'll send a PR with a draft policy (similar to emscripten's) along with this issue.