emscripten-core / emsdk

Emscripten SDK
http://emscripten.org

Add a security policy #1223

Closed pnacht closed 1 year ago

pnacht commented 1 year ago

Hey, it's Pedro and I'm back (see https://github.com/emscripten-core/emscripten/issues/19037), this time suggesting that emsdk also adopt a security policy.

A security policy (SECURITY.md) is a simple document that explains how the project wishes to receive and handle responsible disclosure of potential vulnerabilities. GitHub recommends that projects have one.

There are a few other ways to receive such disclosures (emails, websites, GitHub's vuln reporting feature), but I believe the solution used for emscripten itself (linking to the Chromium security bug tracker) would also be entirely reasonable for emsdk.

I'll send a PR with a draft policy (similar to emscripten's) along with this issue.