jbeder / yaml-cpp

A YAML parser and emitter in C++
MIT License
4.92k stars 1.78k forks

Add a Security-Policy #1188

Closed diogoteles08 closed 10 months ago

diogoteles08 commented 1 year ago

Hi @jbeder! I'm Diogo and I'm back (see #1174) hoping to offer a bit more help with security enhancements.

This time I'm here to suggest that you expose a way for users to report eventual vulnerabilities in a safe and efficient way. This is usually described in a Security Policy, which is a GitHub standard document (SECURITY.md) added at the root of the repo that will be visible to users in the "Security" tab.


It is a recommendation from GitHub itself, and from Scorecard (being a security measure of medium priority).

Aiming to make this change easier, I'll take the liberty of submitting one suggestion of a Security Policy as a PR. Please feel free to edit it directly or ask me for edits until it is in compliance with how jbeder/yaml-cpp would best handle vulnerability reports.

diogoteles08 commented 10 months ago

Hey @jbeder! This issue has been idle for quite some time. Do you plan on considering these changes? Otherwise I will wait up to 2 more months and close the issue.

Thanks!

jbeder commented 10 months ago

Merged, sorry for the delay!