
[feature] Add a security policy file

Open laurentsimon opened this issue 3 years ago • 4 comments

I'm not sure whether this should be handled via an OSSF-org policy or if individual projects need their own.

@david-a-wheeler can you advise?

laurentsimon avatar Jul 13 '22 16:07 laurentsimon

Related #547

ianlewis avatar Jul 20 '22 03:07 ianlewis

Shall we close this issue then?

laurentsimon avatar Jul 20 '22 15:07 laurentsimon

We should have a SECURITY.md that at least points to the Open-SSF policy I think.

ianlewis avatar Jul 20 '22 23:07 ianlewis

The security policy should also identify the "security team" of members that are knowledgeable about security and will address security issues in order to better comply with OpenSSF security best practices.

ianlewis avatar Sep 22 '22 00:09 ianlewis