we need a security policy #576

chadwhitacre · 2013-01-31T04:49:32Z

http://news.ycombinator.com/item?id=5141299

do sec people inherently know to try hitting /security.html by convention, or should there be links to it from the main site?

They know to look for a link to the security page.
Github's is in their site footer.
37signals' is in their site footer.
Twitter's is linked off the sidebar in their "About" page.
Google's and Facebook's are the top search result for their site and "vulnerability" "security".
These are all fine options.

sigmavirus24 · 2013-01-31T13:47:31Z

I would put it in the site footer so it is available everywhere.

I went for a text file in the site root.

patcon · 2014-04-19T14:15:44Z

Reopening this for #2072 (comment)

cc: @greggles

patcon · 2014-04-19T14:20:31Z

Convo with @clone1018 on internal password policies: IRC

rummik · 2014-04-21T23:03:34Z

+1-ing this so it doesn't get lost in my GitHub notifications. Security acknowledgements are good, but both that and policy is better

chadwhitacre added a commit that referenced this issue Feb 1, 2013

Start a security file; #576

7136d3b

I went for a text file in the site root.

chadwhitacre closed this as completed Feb 1, 2013

patcon reopened this Apr 19, 2014

Changaco added ★☆☆ Ready to Start labels Sep 7, 2014

Changaco removed the Ready to Start label Mar 1, 2015

Changaco closed this as completed Mar 1, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

we need a security policy #576

we need a security policy #576

chadwhitacre commented Jan 31, 2013

sigmavirus24 commented Jan 31, 2013

patcon commented Apr 19, 2014

patcon commented Apr 19, 2014

rummik commented Apr 21, 2014

we need a security policy #576

we need a security policy #576

Comments

chadwhitacre commented Jan 31, 2013

sigmavirus24 commented Jan 31, 2013

patcon commented Apr 19, 2014

patcon commented Apr 19, 2014

rummik commented Apr 21, 2014