-
Notifications
You must be signed in to change notification settings - Fork 284
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SECURITY.md #131
Comments
Hi, thanks for the note. I certainly will do that, and I appreciate your
discretion!
Best,
Scot
…On Mon, Sep 27, 2021 at 8:42 PM Ziding Zhang ***@***.***> wrote:
Hey there!
I belong to an open source security research community, and a member (
@0xdhinu <https://github.com/0xdhinu>) has found an issue, but doesn’t
know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email,
or another contact method? GitHub recommends
<https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository>
this best practice to ensure security issues are responsibly disclosed, and
it would serve as a simple instruction for security researchers in the
future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper <https://github.com/huntr-helper>)
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#131>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAZCJTQLYNCXJECUMAOV4DUEE2SZANCNFSM5E4LCV7A>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
--
d(-_-)b
forsan et haec olim meminisse juvabit
|
SECURITY.md has been added (github only, not pypi), thank you.
./s
…On Mon, Sep 27, 2021 at 10:52 PM Scot Hacker ***@***.***> wrote:
Hi, thanks for the note. I certainly will do that, and I appreciate your
discretion!
Best,
Scot
On Mon, Sep 27, 2021 at 8:42 PM Ziding Zhang ***@***.***>
wrote:
> Hey there!
>
> I belong to an open source security research community, and a member (
> @0xdhinu <https://github.com/0xdhinu>) has found an issue, but doesn’t
> know the best way to disclose it.
>
> If not a hassle, might you kindly add a SECURITY.md file with an email,
> or another contact method? GitHub recommends
> <https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository>
> this best practice to ensure security issues are responsibly disclosed, and
> it would serve as a simple instruction for security researchers in the
> future.
>
> Thank you for your consideration, and I look forward to hearing from you!
>
> (cc @huntr-helper <https://github.com/huntr-helper>)
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <#131>, or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AAAZCJTQLYNCXJECUMAOV4DUEE2SZANCNFSM5E4LCV7A>
> .
> Triage notifications on the go with GitHub Mobile for iOS
> <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
> or Android
> <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
>
>
--
d(-_-)b
forsan et haec olim meminisse juvabit
--
d(-_-)b
forsan et haec olim meminisse juvabit
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey there!
I belong to an open source security research community, and a member (@0xdhinu) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a
SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: