From 4795f89ed25f3e3dcdca69f0a9bbd3b1d0557a80 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 27 Apr 2023 17:29:14 +0900 Subject: [PATCH] SECURITY.md: suggest including GitHub ID in reports Signed-off-by: Akihiro Suda --- SECURITY.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 66d6281..ba6caab 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,6 +7,11 @@ request on GitHub. Instead, disclose the issue responsibly by sending an email to security@opencontainers.org (which is inhabited only by the maintainers of the various OCI projects). +A report should include: +- Exploitability of the vulnerability +- The affected version +- Your GitHub ID (if you have), so that you can be credited in GitHub Security Advisory. + The maintainers take security seriously. If you discover a security issue, please bring it to their attention right away!
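Review bot: The third added bullet, "Your GitHub ID (if you have), so that you can be credited in GitHub Security Advisory.", is ungrammatical; suggest "Your GitHub ID (if you have one), so that you can be credited in the GitHub Security Advisory." The subject line mentions only the GitHub ID, but the hunk also adds "Exploitability of the vulnerability" and "The affected version" as report requirements, so the commit message should cover all three items. "Exploitability of the vulnerability" is also vague for a reporter: consider saying what the maintainers want to see there, for example the conditions needed to trigger the issue and its impact.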