Open gabibguti opened 1 year ago
Hey @gabibguti do you have some examples of what a security policy might look like? We're interested in learning more!
Hi! Friendly ping here. Are you still planning on working on this change? Otherwise we can close as not planned for now :)
Thanks @gabibguti for the ping. There is an ongoing security policy that's pending some review. We'll leave this issue open as we'll be putting the security policy in place for all repos.
Adding a Security Policy is important as it provides guidance on how to report potential vulnerabilities and inform the vulnerabilities disclosure window for this repo.
I recently recommended https://github.com/uber-go/atomic/issues/132 and, like that change, this one is also security-related.
If you agree, I can open a PR to suggest a Security Policy, and we can work together to communicate how the repo can best handle vulnerability reports.
Additional Context
Hi again! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)