Vulnerability report process
Summary
The project MUST publish the process for reporting vulnerabilities on the project site.
Feature details
E.g., a clearly designated mailing address on https://PROJECTSITE/security, often in the form security@example.org. This MAY be the same as its bug reporting process. Vulnerability reports MAY always be public, but many projects have a private vulnerability reporting mechanism.
Implementation
- add url discuss-data.net/security with info and e-mail
- add e-mail forward from security@discuss-data.net to service desk (gitlab+discuss-data-discuss-data-9289-issue-@gwdg.de)
Edited by Stefan Hynek