Issue closed by rarkins 2 years ago.
Tweet for context:
Nothing in the meetings at least.
Not to my knowledge. I will reach out to Hauwa to check if there is any overlap.
I think I found something relevant in https://github.com/ossf/wg-vulnerability-disclosures/issues/99#issue-901314421, full quote:
The group would like to develop a CVD guide for OSS projects. The guide should include the CVD process, how to work with security researchers in a CVD setting, and templates for security policies (issue #95).
A fork of Google's CVD for OSS guide has been added here to give a starting base. Please open issues, PRs, and edit away!
The linked ossf/oss-vulnerability-guide repository has a section on Feedback:
Feedback
We welcome feedback from OSS project maintainers and security researchers on this guide. Opening a GitHub Issue is the best way to send feedback (see CONTRIBUTING.md for directions on submitting PRs).
So I think this is where you can contribute as a maintainer or security researcher.
I might be totally wrong though... 🙈 Just wanted to mention what I found, in case it's relevant.
I think we can close this issue now. The answer appears to be that it was private research which GitHub performed for commercial purposes, not OSSF.
Is this WG involved in any way in this upcoming vulnerability disclosure survey by GitHub?