input-output-hk / cardano-engineering-handbook

A handbook covering cross-project policies and information for projects in the Cardano Open Source Consortium

added responsible disclosure policy #36

Closed kevinhammond closed 1 year ago

kevinhammond commented 1 year ago

First try at responsible disclosure based on ETH approach

abailly-iohk commented 1 year ago

This policy from the Apache Software foundation seems to provide everything we would want: https://www.apache.org/security/committers.html

kevinhammond commented 1 year ago

This policy from the Apache Software foundation seems to provide everything we would want: https://www.apache.org/security/committers.html

It's a good basis, but would need to be adapted. I suggest we pass that on to the security team for them to action and to review against our current security policy. This section was just supposed to be a short policy on responsible disclosure.

kevinhammond commented 1 year ago

If we could merge this version that would be good - that gives someone a basis for expanding the policy later...