clusterlink icon indicating copy to clipboard operation
clusterlink copied to clipboard
verified publisher icon clusterlink-net

Create SECURITY.md

Open welisheva22 opened this issue 1 year ago • 1 comments

Given that we are in the alpha stage, I think this would suffice. When we are out of alpha stage, it would be valuable to revise this process as security vulnerabilities may need to be handled differently than other enhancements/bugs/comments.

welisheva22 avatar May 22 '24 19:05 welisheva22

Not sure we want vulnerabilities reported as normal issues. Need to research what options are available so they can be fixed before disclosed publicly (e.g., maintainers mailing list)

elevran avatar May 24 '24 09:05 elevran

Enabled private vulnerability reporting on the repo. Revised SECURITY.md text to reflect that.

elevran avatar May 27 '24 17:05 elevran