sourcegraph / jsonrpc2

Package jsonrpc2 provides a client and server implementation of JSON-RPC 2.0 (http://www.jsonrpc.org/specification)
MIT License
195 stars, 62 forks

Docs: Create Security Policy #75

Closed diogoteles08 closed 1 year ago

diogoteles08 commented 1 year ago

Closes #74

I've created the SECURITY.md file following a GitHub template and considering that you'd request that users report vulnerabilities through the security advisory, which is a handy new GitHub feature, but it's still in beta and has to be manually enabled by a maintainer.

If you're interested in this feature, you can activate it by following these steps:

  1. Click on this link to go to Code security & analysis section on your repo's settings
  2. Click "Enable" for "Private vulnerability reporting (Beta)"

However, if you'd rather not use this feature, you can also request users to report vulnerabilities to an email. If that's the case, let me know which email you would like to receive the reports and I can submit the change.

Additionally, feel free to edit or suggest any changes to this document; it is supposed to reflect the amount of effort the team can offer to handle vulnerabilities.

willdollman commented 1 year ago

Hi @diogoteles08, thanks for this PR! After discussion, we're planning to use our primary security email for security reports.