
A proposed security policy

Open timea-solid opened this issue 2 years ago • 2 comments

This should be a basis to start a security policy which can then be copied to all repositories we own.

timea-solid avatar Apr 13 '23 19:04 timea-solid

Looks good to me.

Depending on how you are able to deal with it, I would consider enabling "private vulnerability reporting". If a security issue is public, everyone can read about it and abuse it until it is fixed. If they are private, they would have to find them out themselves to abuse them, making it harder. I think in a project such as SolidOS this could be important, as I expect the time to a fix to be rather long (as it is largely volunteer-based).

I guess, then, the main question would be if it is easy for you to define an appropriate group of people that can read these issues (e.g. people who regularly contribute to the project).

Otto-AA avatar Apr 13 '23 21:04 Otto-AA

Thank you @TallTed for fixing it. Seeing the improvements one could totally see I wrote it late last night 😅

@Otto-AA you bring up really good points. I need to think about it and maybe bring it up in the meeting. I am happy we started the process :)

timea-solid avatar Apr 14 '23 07:04 timea-solid