
Add a Security Policy

Open · postmodern opened this issue · 1 comment

Add a SECURITY.md file explaining how to report vulnerabilities in bundler-audit.

  • Which email address should they be sent to? (rubysec's mailing list or my email address?)
  • Which PGP key, if any, should be used to encrypt emails? (I can volunteer my PGP pubkey)

/cc @reedloden

postmodern · Jun 04 '21 23:06

I'm a bit biased here due to it being my employer (and the fact that I manage this particular offering), but HackerOne offers a completely free version for open source projects. Might I suggest that as an alternative to email and PGP? Ruby, Rails, and RubyGems all use it already, just as examples.

reedloden · Jun 06 '21 21:06