Skip to content

A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.

License

Notifications You must be signed in to change notification settings

google/oss-vulnerability-guide

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Guide to coordinated vulnerability disclosure for open source projects

This repository is a set of resources and reference materials to help open source projects to coordinated vulnerability disclosure. It was originally designed to help open source projects coming out of Google, so not all materials or recommendations may be applicable to your project.

For Googlers: Please see the OSPO site for documentation.

This repository contains:

Getting Started

If you are new to coordinated vulnerability disclosure, it is recommended you start with the Guide. While it is dense, you will want to be familiar with this information and the concepts presented before you need to address a vulnerability report.

If you are familiar with coordinated vulnerability disclosure, you can get a refresher by skipping to the Response Process section of the Guide, or go straight to the Runbook.

About

A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks