Relations (1)

cross_type 2.00 — strongly supporting 3 facts

GitHub repositories are frequently evaluated for the presence of a security policy as noted in [1], and the platform provides specific features like security advisories to support these policies as mentioned in [2]. Furthermore, maintainers often manage their security policy by linking to external documentation from their GitHub repositories, as described in [3].

Facts (3)

Sources
A Mixed-Methods Study of Open-Source Software Maintainers On ... arxiv.org arXiv 3 facts
Quote: "We have a security policy in place where we say please do not report it publicly but try to contact me personally via email or send a mail to our security mailing list or create a security advisory on GitHub."
Claim: Some open-source software maintainers link to organization-specific security policies published outside of the GitHub platform.
Reference: Ayala et al. found that many GitHub repositories lack a security policy.