Post a security policy

Open daveschaefer opened this issue 12 years ago • 0 comments

We should post a security policy on the site. Partially inspired by http://blog.erratasec.com/2013/08/the-rob-test-12-steps-to-safer-code.html

Dan says: "any possible security issue issue needs to be treated with high priority + clear notification".

Part 1: response plan Part 2: advisory page that shows past critical security bugs and what we did about them.

Draft and post to the mailing list for feedback.

Sep 22 '13 03:09 daveschaefer