[Security] Security process & documentation — vulnerability disclosure, release security gate, policies #151
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Security governance: a real vulnerability-disclosure process and release-security step, plus logging/secure-configuration/traceability documentation (most governance items are triaged W).
Part of #144. Decision legend: M must-do, C could-do, W won't-do (this cycle); investigate = verify the problem is real / scope it before implementing.
Subtasks & findings
T18 — Vulnerability-disclosure & release-security process
Owner: Either · Decision: M / C · Effort: VUL-01/04 ~0.5–1d; CIS-02 ~1w+
Flesh out SECURITY.md + release security step (M); full vuln-mgmt process (CIS-02, C).
SECURITY.md:1-7RELEASE_GUIDE.md (no security step)SECURITY.md contact-only; RELEASE_GUIDE.md no security stepT19 — Security docs & governance
Owner: Either · Decision: M + mostly W · Effort: ~0.5d (CIS-05); rest W
CIS-05 short logging note to CONTRIBUTING.md (M); CIS-06/07, SDLC-03/06 = W.
no logging policy in compliance/ or docs/docs/ holds only man pagesno compliance/REQ-TO-TEST.md.commitlintrc.json unreferenced; no .github/CODEOWNERSstabber harness satisfies it; no normative homeChecklist
T18 — Vulnerability-disclosure & release-security process
T19 — Security docs & governance
Notes