Re: security vuln reporting policy in GH

Dave Huseby <dhuseby@...>

Thanks for the bump. I agree with you that it is a good idea. I'm not ignoring this. It's on the todo list.

David Huseby
Security Maven, Hyperledger
The Linux Foundation

On Wed, Sep 25, 2019 at 5:48 AM Christopher Ferris <chris.ferris@...> wrote:
Bumping this topic for discussion. Adding to the wiki as well.


On Fri, Sep 6, 2019 at 11:40 AM Christopher Ferris <chris.ferris@...> wrote:
I know that GH has been reporting vulnerabilities in dependencies for a while now, but I see that they have also added the ability to publish your security vulnerability reporting process via the GH repository.

Seems to me that it would be A Good Thing (tm) to update all the Hyperledger repos with our process, with each project adding in the set of releases covered by the policy.


