Hi, I'm from Google and I'm working with the OpenSSF to improve supply chain security in many open source projects. As a security improvement, I would like to suggest the project to have a Security Policy.
A Security Policy is a GitHub standard document (SECURITY.md) that can be seen in the "Security Tab" to instruct users about how to report vulnerability in the safest and most efficient way possible.
Together with this issue I'll submit one suggestion of Security Policy, feel free to edit it directly or ask me for editions until it is in compliance with how demangle would best handle vulnerability reports.
Hi, I'm from Google and I'm working with the OpenSSF to improve supply chain security in many open source projects. As a security improvement, I would like to suggest the project to have a Security Policy.
A Security Policy is a GitHub standard document (
SECURITY.md
) that can be seen in the "Security Tab" to instruct users about how to report vulnerability in the safest and most efficient way possible.It is a Scorecard Recommendation (being one check of medium priority) and a Github Recommendation.
Together with this issue I'll submit one suggestion of Security Policy, feel free to edit it directly or ask me for editions until it is in compliance with how demangle would best handle vulnerability reports.