WordPress.org

Make WordPress Core

Opened 3 months ago

Last modified 3 months ago

#47368 new enhancement

Introduce a SECURITY.md file

Reported by: desrosj
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: minor
Version:
Component: Security
Keywords: 2nd-opinion
Focuses:
Cc:

Description

In May, GitHub added support for a SECURITY.md file. This allows a project to define its security policy, advising users about how and when to report security vulnerabilities to the repository maintainers.

When the file is present, a Security tab is added to the repository to display this file.

Adding a SECURITY.md file could help encourage users utilizing the official GitHub mirror to report sensitive security-related issues responsibly through the proper channels.

I think a brief summary of the project's reporting methodology (responsible, private disclosures) linking to the WordPress.org Security page would be sufficient.

Change History (1)

#1 @SergeyBiryukov
3 months ago

  • Summary changed from Introduce a SECURTY.md file to Introduce a SECURITY.md file

Related: #37998
