Create a Security Policy #7265
joycebrum
started this conversation in
Report issues other than bug
-
This is interesting. I'm trying to imagine what sort of security vulnerabilities RxJS could have though. Particularly in the latest version we don't have any dependencies, and we don't generally deal with network code or file system things. Please do send a PR for this, it doesn't seem like it could cause any harm... Although I do worry about our ability to respond in a timely manner, given this is all volunteer work. It's still good to have a secure notification channel I guess.
-
Created a PR #7273
-
A Security Policy is a GitHub standard document (SECURITY.md) that can be seen in the "Security Tab" and in the About section of the homepage to instruct users about how to report vulnerabilities in the safest and most efficient way possible.
Security Tab:
https://github.com/joycebrum/rxjs/security
About section:
It is both a Scorecard Recommendation (being a security measure of medium priority) and a GitHub Recommendation to have a Security Policy configured for the repo.
There are a few ways to receive such disclosures:
If you're interested in GitHub's feature, it must be activated for the repository:
I can send a PR with a draft policy (such as https://github.com/joycebrum/rxjs/security), just let me know.