uber-go / atomic

Wrapper types for sync/atomic which enforce atomic access
https://go.uber.org/atomic
MIT License

Add Security Policy #134

Open gabibguti opened 1 year ago

gabibguti commented 1 year ago

Adding a Security Policy is important as it provides guidance on how to report potential vulnerabilities and inform the vulnerabilities disclosure window for this repo.

I recently recommended https://github.com/uber-go/atomic/issues/132 and, like that change, this one is also security-related.

If you agree, I can open a PR to suggest a Security Policy, and we can work together to communicate how the repo can best handle vulnerability reports.

Additional Context

Hi again! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)

r-hang commented 1 year ago

Hey @gabibguti do you have some examples of what a security policy might look like? We're interested in learning more!

gabibguti commented 1 year ago

@r-hang Yes! Here are a few examples:
https://github.com/emscripten-core/emscripten/security/policy
https://github.com/dustin/go-humanize/security/policy
https://github.com/Cyan4973/xxHash/security/policy

gabibguti commented 10 months ago

Hi! Friendly ping here. Are you still planning on working on this change? Otherwise we can close as not planned for now :)

sywhang commented 10 months ago

Thanks @gabibguti for the ping. There is an ongoing security policy that's pending some review. We'll leave this issue open as we'll be putting the security policy in place for all repos.