Skip to content

feat: add SECURITY.md#3

Open
yocaba wants to merge 1 commit into
mainfrom
add-security-policy
Open

feat: add SECURITY.md#3
yocaba wants to merge 1 commit into
mainfrom
add-security-policy

Conversation

@yocaba

@yocaba yocaba commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Closes opendefensecloud/odd-internal#45.

Adds a SECURITY.md at the root of the org .github repo, establishing a responsible-disclosure process for Open Defense Cloud.

Why here instead of per-repo

GitHub surfaces an org-level SECURITY.md on the Security tab of every org repo that doesn't ship its own. So this single file gives every repo a disclosure process at once (no per-repo duplication), and any repo can still add its own SECURITY.md later to override it.

Follow-up (not in this PR): Enable Private Vulnerability Reporting org-wide.

@cbrgm

cbrgm commented Jul 16, 2026

Copy link
Copy Markdown

Also, looks good to me! One small nit: maybe use bullet points in "Scope" too, same like "Out of Scope", for consistency. Otherwise LGTM 👍

@cbrgm

cbrgm commented Jul 16, 2026

Copy link
Copy Markdown

What's the plan to reference to this document? Are we just linking from individual projects' readme files to the centralized one here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants