Process for reporting possible security vulnerabilties

I suggest creating a **`SECURITY.md`** file describing your security process for reporting any security vulnerabilities. I can be as simple as "Report the issue as an email to john.doe@example.com with subject of 'Potential security vulnerability in X'" or however complicated as you want, but you probably do NOT want to have people by default report it publicly via GitHub Issues since generally anyone can read those for a public repository.

I'm not claiming either of these are perfect approach, but just throwing them out there as an idea if you wish to copy or get some ideas for creating your own:

- https://github.com/ESAPI/esapi-java-legacy/blob/develop/SECURITY.md#reporting-a-vulnerability

or

- https://github.com/nahsra/antisamy/blob/main/SECURITY.md#reporting-a-vulnerability

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Process for reporting possible security vulnerabilties #50

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Process for reporting possible security vulnerabilties #50

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions