Is there a good link for “I’m an open source maintainer and someone just reported a security problem to me, what do I do now?” - assuming the maintainer does not know what “responsible disclosure,” “CVE,” etc. are in advance - how does someone learn how to handle security bugs?
Replying to @havocp
The @linuxfoundation CII has a ton of documentation on this: https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/criteria.md
Specifically this section: https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/criteria.md#reporting