
Add SECURITY.md with vulnerability reporting and disclosure policy

Open · iAnonymous3000 opened this issue 11 months ago · 1 comment

This introduces a SECURITY.md file to the project, outlining the OWASP dep-scan security policy. The file covers the following key points:

  • Supported versions and commitment to providing security updates
  • Instructions for reporting vulnerabilities to the project maintainer
  • Overview of the vulnerability management process
  • Statement on the current absence of a bug bounty program
  • Secure development practices followed by the project
  • Placeholder for acknowledging responsible vulnerability disclosures

The main contact for reporting vulnerabilities is listed as [email protected].

This policy demonstrates the project's commitment to maintaining a secure codebase and handling vulnerability reports responsibly. It provides guidance to security researchers and users on how to engage with the project for security-related concerns.

Please feel free to modify it in any way that you believe is suitable.

iAnonymous3000 · Mar 14 '24 01:03

@iAnonymous3000 Thank you for this contribution! I think the content needs some changes. Will do it later.

At the moment, we treat security issues as any other issues.

prabhu · Mar 14 '24 08:03