WordPress.org

Make WordPress Core

Opened 7 months ago

Closed 3 weeks ago

Last modified 3 weeks ago

#47368 closed enhancement (duplicate)

Introduce a SECURITY.md file

Reported by: desrosj
Owned by:
Milestone:
Priority: normal
Severity: minor
Version:
Component: Security
Keywords:
Focuses:
Cc:
PR Number:

Description

In May, GitHub added support for a SECURITY.md file. This allows a project to define its security policy, advising users about how and when to report security vulnerabilities to the repository maintainers.

When the file is present, a Security tab is added to the repository to display this file.

Adding a SECURITY.md file could help encourage users utilizing the official GitHub mirror to report sensitive security-related issues responsibly through the proper channels.

I think a brief summary of the project's reporting methodology (responsible, private disclosures) linking to the WordPress.org Security page would be sufficient.

Change History (3)

#1 @SergeyBiryukov
7 months ago

  • Summary changed from Introduce a SECURTY.md file to Introduce a SECURITY.md file

Related: #37998

#2 @ayeshrajans
3 weeks ago

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #48521.

#3 @desrosj
3 weeks ago

  • Keywords 2nd-opinion removed
  • Milestone Awaiting Review deleted