Add form to submit private vulnerability reports #1374
Assignees
Labels
security
Report any vulnerability
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
When going through the Best Practices followed for OpenSource Projects on : https://www.bestpractices.dev/en/projects/8099
I found this .
If private vulnerability reports are supported, the project MUST include how to send the information in a way that is kept private. (URL required)
Examples include a private defect report submitted on the web using HTTPS (TLS) or an email encrypted using OpenPGP. If vulnerability reports are always public (so there are never private vulnerability reports), choose "not applicable" (N/A).
Describe the solution you'd like
Private Defect Report via Web:
Provide a URL for submitting vulnerability reports via a secure web form. Create a secure web form for submitting vulnerability reports using HTTPS.
The text was updated successfully, but these errors were encountered: