If private vulnerability reports are supported, the project MUST include how to send the information in a way that is kept private.

shieldworks / aegis

Aegis: Keep Your Secrets… Secret

https://vsecm.com

MIT License

31 stars 3 forks source link

If private vulnerability reports are supported, the project MUST include how to send the information in a way that is kept private. #451

Open v0lkan opened 1 year ago

v0lkan commented 1 year ago

Examples include a private defect report submitted on the web using HTTPS (TLS) or an email encrypted using OpenPGP. If vulnerability reports are always public (so there are never private vulnerability reports), choose "not applicable" (N/A).