
Defining a security vulnerability notification strategy

Open · mrdewitt opened this issue 5 years ago · 1 comment

I'm planning to integrate with your library and am looking for some way to ensure we're notified if a vulnerability is reported or fixed in this repo. Do you have an existing procedure for this? There are a few ways that come to mind for C++:

If you plan to use CVE, would it be possible to register for a CPE identifier so that I can begin tracking that prefix for vulnerability announcements?

mrdewitt, Aug 21 '20 18:08

Hi @mrdewitt,

Just a quick message to note that this is on my radar!

I am, however, waiting for some external input to decide on the best approach for this. I'll get back to you soon. Also, there are some details we could discuss off GitHub; you can get back to me by email (check my GitHub account).

Thanks!

arximboldi, Sep 07 '20 08:09