Defining a security vulnerability notification strategy #156

Open
mrdewitt opened this issue Aug 21, 2020 · 1 comment

Comments

@mrdewitt

I'm planning to integrate with your library and am looking for some way to ensure we're notified if a vulnerability is reported or fixed in this repo. Do you have an existing procedure for this? There are a few ways that come to mind for C++:

If you plan to use CVE, would it be possible to register for a CPE identifier so that I can begin tracking that prefix for vulnerability announcements?

@arximboldi
Owner

Hi @mrdewitt,

Just a quick message to note that this is on my radar!

I am, however, waiting for some external input to decide on the best approach for this. I'll get back to you soon. Also, there are some details we could discuss off GitHub; you can get back to me by email (check my GitHub account).

Thanks!
