We should document how we would like to receive security vulnerabilities from anyone — employees, contractors, and the public — who discovers security vulnerabilities. If we do not, vulnerabilities are more likely to be published publicly by filing public GitHub issues, which reduces our timeline to address them.
SECURITY.md is the standard location for security policies.