Security: ossf/secure-sw-dev-fundamentals

SECURITY.md

SECURITY

We're glad if you want to report a vulnerability!

If you wish to propose text to explain how to detect and prevent a kind of vulnerability that is already publicly known, please just file a normal issue and/or pull request. We don't consider that a "vulnerability report" in the sense that many people use the term.

In some cases we're the wrong place to report vulnerabilities to:

  • If you wish to report a vulnerability on a specific project that isn't this project, please don't report that here. Instead, please report the vulnerability to that project.
  • If you wish to report a general vulnerability in edX or the Linux Foundation Training & Certification platform, please report the vulnerability to them instead.

However, in some cases we do want you to report a vulnerability to us:

  • If you wish to report a vulnerability in this specific course as supported by the Linux Foundation (via edX or the Linux Foundation Training & Certification platform).
  • If you wish to propose text to explain how to detect and prevent a kind of vulnerability that has never been publicly announced or discussed anywhere.

If you want to report those kinds of vulnerabilities to us, please use the GitHub mechanism for privately reporting a security vulnerability to this repository.
