ossf / wg-vulnerability-disclosures

The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
https://openssf.org
Apache License 2.0

Develop Coordinated Vulnerability Disclosure recommendations for OSS projects #99

Closed annabellegoth2boss closed 2 years ago

annabellegoth2boss commented 3 years ago

The group would like to develop a CVD guide for OSS projects. The guide should include the CVD process, how to work with security researchers in a CVD setting, and templates for security policies (issue #95).

A fork of Google's CVD for OSS guide has been added here to give a starting base. Please open issues, PRs, and edit away!

annabellegoth2boss commented 2 years ago

We've got that first version up and a feedback/incorporation mechanism going, so I think we can close this out!