
Create a security policy

Open piprett opened this issue 1 year ago • 2 comments

Please create a security policy detailing contact information, as this helps security researchers privately report issues.

The most important step in the process is providing a way for security researchers to contact your organization. The easier it is for them to do so, the more likely it is that you'll receive security reports.

— OWASP Cheatsheet Series on Vulnerability Disclosure

Locations where this could be placed include, but are not limited to:

  • SECURITY.md at the root of the GitHub repository. This has the added benefit of showing up on the "Security" GitHub tab.
  • /.well-known/security.txt on the website. See securitytxt.org.
  • Page on the frontend, linked to in the footer or similar.

The most common methods of communication for open-source software are E-Mail and GitHub private vulnerability reporting.

piprett avatar Sep 08 '24 13:09 piprett
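The security.txt option above follows RFC 9116, which requires a Contact field and an Expires timestamp and allows Contact to be repeated. The following parser and checker is an added example for this thread; it is not code from the issue author or from the dub project. The sample file, the example.com contact addresses and the fixed reference time DEMO_NOW are constructed placeholders so the check runs offline and deterministically.

```python
"""Minimal RFC 9116 security.txt parser and checker (added example)."""
from datetime import datetime, timezone

# Constructed sample of what /.well-known/security.txt might contain.
# All addresses and URLs are placeholders, not real contact points.
SAMPLE_SECURITY_TXT = """\
# Security contact for example.com (constructed placeholder values)
Contact: mailto:security@example.com
Contact: https://github.com/example/repo/security/advisories/new
Expires: 2026-01-01T00:00:00Z
Preferred-Languages: en
Canonical: https://example.com/.well-known/security.txt
"""

# Constructed reference time so the expiry check gives a stable result.
DEMO_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)

REQUIRED_FIELDS = ("contact", "expires")
ALLOWED_CONTACT_SCHEMES = ("mailto:", "tel:", "https://")


def parse_security_txt(text):
    """Return {field_name_lowercase: [values]}, ignoring comments and blanks.

    Fields are 'Name: value' lines; names are case-insensitive and a field
    such as Contact may appear more than once, so values are kept in a list.
    """
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # comment, blank, or malformed line without a field name
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def check_security_txt(text, now=None):
    """Return a list of problems found; an empty list means the file passes."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    problems = []

    for name in REQUIRED_FIELDS:
        if name not in fields:
            problems.append(f"missing required field: {name.capitalize()}")

    # Contact must be a URI; plain e-mail addresses without mailto: are a
    # common mistake that makes the file unusable for automated tooling.
    for value in fields.get("contact", []):
        if not value.lower().startswith(ALLOWED_CONTACT_SCHEMES):
            problems.append(
                f"Contact should be mailto:, tel: or https://, got {value!r}")

    expires = fields.get("expires", [])
    if len(expires) > 1:
        problems.append("Expires must appear only once")
    for value in expires:
        try:
            # fromisoformat only accepts a trailing 'Z' from Python 3.11 on.
            when = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 timestamp: {value!r}")
            continue
        if when.tzinfo is None:
            problems.append("Expires must include a timezone")
        elif when <= now:
            problems.append(f"security.txt expired on {value}")
    return problems


if __name__ == "__main__":
    issues = check_security_txt(SAMPLE_SECURITY_TXT, now=DEMO_NOW)
    print("OK" if not issues else "\n".join(issues))
```

A stale Expires is the most frequent real-world defect in published security.txt files, so a check like this belongs in CI or a scheduled job rather than being run once at publication time.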

Assign it to me

Rish-it avatar Sep 08 '24 14:09 Rish-it

@Erb3 thank you so much for this recommendation, will go ahead and add those files now 🙏

steven-tey avatar Oct 21 '24 23:10 steven-tey