The 'Security' page at https://subrosa.io/security does not currently list a private security contact. It's essential for it to list such an address (with a reasonable response time, and a PGP key) in plain view, so as to accomodate responsible disclosure of critical security issues.
The 'Security' page at https://subrosa.io/security does not currently list a private security contact. It's essential for it to list such an address (with a reasonable response time, and a PGP key) in plain view, so as to accomodate responsible disclosure of critical security issues.