The OpenSSF Vulnerability Disclosures Working Group seeks to improve the overall security of the open source software ecosystem by helping to mature and advocate for well-managed vulnerability reporting and communication.
The group would like to develop a coordinated vulnerability disclosure (CVD) guide for OSS projects. The guide should include the CVD process, how to work with security researchers in a CVD setting, and templates for security policies (issue #95).
A fork of Google's CVD for OSS guide has been added here as a starting point. Please open issues, PRs, and edit away!