#47368 closed enhancement (duplicate)
Introduce a SECURITY.md file
| Reported by: | desrosj | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | minor | Version: | |
| Component: | Security | Keywords: | |
| Focuses: | | Cc: | |

Description
In May, GitHub added support for a SECURITY.md file. This allows a project to define its security policy, advising users about how and when to report security vulnerabilities to the repository maintainers.
When the file is present, a Security tab is added to the repository to display this file.
Adding a SECURITY.md file could help encourage users utilizing the official GitHub mirror to report sensitive security-related issues responsibly through the proper channels.
I think a brief summary of the project's reporting methodology (responsible, private disclosures) linking to the WordPress.org Security page would be sufficient.
Change History (3)
Related: #37998