Template: Minimal Vulnerability Disclosure Policy #107

ruddermann · 2024-02-16T02:58:10Z

This template is designed to be the minimum viable Vulnerability Disclosure Policy for an OpenJS Project. It meets the following criteria:

Complies with ISO 29147 (Coordinated Vulnerability Disclosure).
Able to use as-is with little/no customization.

A working draft can be found here: https://docs.google.com/document/d/1yqugQ0W5w-gSmS5_repndlxlqdc8UrNLlHSeFmEdNkQ

SecurityCRob · 2024-03-20T12:22:00Z

CRob from OpenSSF Vuln Disclosures WG here. Nice work team. Added small optional suggestion, otherwise, LGTM

ruddermann self-assigned this Feb 16, 2024

ruddermann added the destf-ws2-cvd label Feb 16, 2024

ruddermann added this to the DE STF Milestone 4 (Q1'24) milestone Feb 16, 2024

ruddermann mentioned this issue Feb 16, 2024

Finalize and Release CVD Resources v1.0 #106

Open

ruddermann added template and removed destf-ws2-cvd labels Feb 16, 2024

ruddermann mentioned this issue Feb 17, 2024

Guide Section: Vulnerability Disclosure Policies #110

Open

ruddermann added the security-agenda label Mar 4, 2024

This was referenced Mar 4, 2024

OpenJS Foundation Security Collab Space Meeting 2024-03-04 #203

Open

OpenJS Foundation Security Collab Space Meeting 2024-03-11 #204

Open

ruddermann mentioned this issue Mar 25, 2024

OpenJS Foundation Security Collab Space Meeting 2024-03-25 #205

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Template: Minimal Vulnerability Disclosure Policy #107

Template: Minimal Vulnerability Disclosure Policy #107

ruddermann commented Feb 16, 2024 •

edited

Loading

SecurityCRob commented Mar 20, 2024

Template: Minimal Vulnerability Disclosure Policy #107

Template: Minimal Vulnerability Disclosure Policy #107

Comments

ruddermann commented Feb 16, 2024 • edited Loading

SecurityCRob commented Mar 20, 2024

ruddermann commented Feb 16, 2024 •

edited

Loading