Docs: add a security assurance case #7048
Perhaps not the main thrust here, but I think SECURITY.md is probably the wrong file for this sort of posture & best practices doc.
I think SECURITY.md is more oriented to practical questions, like "how do I report an issue".
GitHub has this to say:
- https://docs.github.com/en/code-security/security-advisories/adding-a-security-policy-to-your-repository
- https://github.com/standard/.github/blob/master/SECURITY.md
I could see combining them into something larger
I am happy to contribute more here and there if we can land a v1. I don't think we need to have this be completed before merging. But we should have something more than just the headings (e.g., we should implement the feedback thus far).
Friendly ping -- is there any feedback I can still address or can we merge this as v1?
This is great! Thanks @mike-myers-tob for codifying a lot of institutional understanding as well as iterating on feedback. Let's consider this a v1 and be open to more conversation and proposed changes going forward.
Closes #7047