Re: security vuln reporting policy in GH


Christopher Ferris <chris.ferris@...>
 

Bumping this topic for discussion. Adding to the wiki as well.

Chris


On Fri, Sep 6, 2019 at 11:40 AM Christopher Ferris <chris.ferris@...> wrote:
I know that GH has been reporting vulnerabilities in dependencies for a while now, but I see that they have also added the ability to publish your security vulnerability reporting process via the GH repository.


Seems to me that it would be A Good Thing (tm) to update all the Hyperledger repos with our process, with each project adding in the set of releases covered by the policy.


Thoughts?

Chris

Join tsc@lists.hyperledger.org to automatically receive all group messages.