sourcegraph / jsonrpc2

Package jsonrpc2 provides a client and server implementation of JSON-RPC 2.0 (http://www.jsonrpc.org/specification)
MIT License

Docs: Define a Security Policy #74

Closed. diogoteles08 closed this 12 months ago.

diogoteles08 commented 1 year ago

Hi! I'm Diogo and I'm back (see #72) hoping to offer a bit more help with security enhancements.

This time I'm here to suggest that you expose a way that users can report sensitive vulnerabilities in a safe and efficient way. This is usually done through a Security Policy, which is a GitHub standard document (SECURITY.md) added at the root of the repo and that will be visible to the users in the "Security Tab", as you can see below:

[screenshot: the repository "Security" tab on GitHub]

Having a Security Policy is a recommendation from GitHub itself and from Scorecard -- being a security measure of medium priority.

Aiming to make this change easier, I'll take the liberty of submitting a suggestion/draft of a Security Policy as a PR. Please feel free to edit it directly or ask me for edits until it is in compliance with how sourcegraph/jsonrpc2 would best handle vulnerability reports.