SECURITY.md: suggest including GitHub ID in reports

Signed-off-by: Akihiro Suda <[email protected]>
opencontainers · Apr 27, 2023 · 4795f89 · 4795f89
1 parent ae5fc4a
commit 4795f89
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -7,6 +7,11 @@ request on GitHub. Instead, disclose the issue responsibly by sending an email
 to [email protected] (which is inhabited only by the maintainers of
 the various OCI projects).
 
+A report should include:
+- Exploitability of the vulnerability
+- The affected version
+- Your GitHub ID (if you have), so that you can be credited in GitHub Security Advisory.
+
 The maintainers take security seriously. If you discover a security issue,
 please bring it to their attention right away!