geopandas / pyogrio

Vectorized vector I/O using OGR
https://pyogrio.readthedocs.io
MIT License
259 stars 22 forks

Add security policy #322

brendan-ward closed 8 months ago

brendan-ward commented 8 months ago

Resolves #311

Loosely inspired by Fiona #1308.

This is perhaps a bit on the verbose side, but I was trying to provide sufficient content in regards to 3rd party dependencies, since that is where the majority of the vulnerabilities are likely to occur.

Notably absent is what our follow-up timeframe is, since I didn't want to obligate us to follow a specific response protocol or timeframe. Rather, we can refine that protocol on a case-by-case basis depending on the nature of vulnerabilities as they are reported.

brendan-ward commented 8 months ago

@SCH227 does this policy seem sufficient for now?

SCH227 commented 8 months ago

@brendan-ward it looks great to me, thank you!