OpenTimelineIO

Set up a project security policy

Open cary-ilm opened this issue 5 months ago • 0 comments

Copy SECURITY.md from OpenEXR or one of the other ASWF projects, and delete whatever doesn't apply to your project. This covers several of the OpenSSF badge requirements, like the policy, vulnerability reporting, and expectations.

Other related steps to take:

  1. Set up [email protected] that forwards to your technical steering committee. The LF can help configure this.
  2. On the "Code security & analysis" page of your GitHub repo settings, enable private vulnerability reporting.

cary-ilm, Sep 01 '24 21:09