The "The checks" section of the homepage starts with:

The checks collect together security best practises and industry standards
The riskiness of each vulnerability is based on how easy it is to exploit. For example if something can be exploited via a pull request, we consider that a high risk.

The example (described in the last sentence quoted) is very hard to understand. I cannot figure out what "something can be exploited via a pull request" means.
It would help to give an example of what "something" can be and to clarify what you mean by "a pull request".

By the way

Sentences should be terminated with a full stop ("."), including the one opening the section.